forked from github-starred/komodo
* modularize openapi structs * most of execute openapi * server / stack exec openapi * most of write openapi * more write openapi * add the write openapi definitions * fmt and bump mogh auth * gen types * remove user api, mogh auth handles api keys * clean up * cache latest image digests and use this for image update alerting / auto update * deploy 2.0.0-dev-108 * deploy 2.0.0-dev-109 * add back legacy Action "exec" method calling convention * typegen * improve config quick links styling * improve config styling a bit more * deploy 2.0.0-dev-110 * finish version upgrades page, and use prism theme oneLight and oneDark * stack level terminal page * fix Action import from terminal * clean up dangling action api keys on startup * improve swarm service / stack state inference * deploy 2.0.0-dev-111 * add api docs link * bump ts types and fix SwarmConfig type name conflict * use mogh auth for passkey conversion * align dashboard icon with sidebar * bump frontend node version * bump node version in all the dockerfiles * fix tailwind config module * fix require to import * skip auto update for images with pinned digest * dev 112 * cleanup * batch check for updates, add check to table multi select actions * dev-113 * mogh_server = "1.2.0" * serve static ui index.html with ETag / no-cache * check update available against all digests for image * deploy 2.0.0-dev-114 * bump rust to 1.93.0 * bump mogh server and auth * configure session allow cross site * deploy 2.0.0-dev-115 * add new config value to example config * Stack check for update prefers check against deployed service image * deploy 2.0.0-dev-116 * only send auto updated alert after verifying the deploy was successful * 2.0.0 UI (#1220) * new ui using mantine * resources page * prog on resource page * resources and resource layouts * confirm button and modal * tweaks * update details * topbar updates * add skeletons for resource implementations * add resource tables * add tags to recents cards * resource page table scrolling * table component + tags filter * export toml * New Resource button * Fix update details capture closing * tweaks * omni search * refine config * config tweaks * implement more configs / resource selector * add profile page * provider / account selectors * container table page * build config * deployment config * fix deployment build version selector * fix secrets selector * resource sync config * mobile topbar and updates * update details fz sm * stack config * terminals page * create terminal in prog * create terminal menu * finish create terminal menu * terminal pages working * stack tabs / info * add executions * add server header info * confirm pubkey modal * improve resource header styling * FileSource component * stack service table, move icons.ts * basic procedure config * tweak procedure config * container / image pages * network / volume pages * clean up docker resource pages * basic log / terminal ui * reusable log section * styling * clean up resource components * delete in resource header * log auto select stderr * fix some bgs * stack logs with service selector * stack terminals * add deployment executions * use correct icon * useResource hooks * build info * build info * tweaks * server tabs * fix terminal section target * prog on server tabs * server stats * light theme * start on historical stats * stack service page * resource sync tabs * sync tabs * more topbar icons * add settings basic * add topbar alerts * tweak stream selector behavior * tweak alert icon topbar * improve styling smaller screen * schedules page and other progress * onboarding keys * improve schedule page descriptions * improve update notifications * schedule timezone selector * tag color selector * finish settings / providers * use shared-text-update component so settings tables aren't janky * updates page * refine updates page * alert page * standardize borders * theme and swarm * swarm tabs * swarm node page * swarm config page * swarm pages * swarm task and secret pages * swarm stack page * fix stack log service selector in swarm mode * standard inspect section * swarm inspect tab * server and swarm resources tab * add disable confirm dialog (modal) option for executions * stack update available indicator * deployment update available * add template switch to resource headers * ResourceHeader + rename * set editing name onclick * repo tabs * server stats table * refine a bit * refine deployment / stack header info * show server stats dashboard. dashboard tables * action last run in config * SettingsUsers page * user page etc * manage api key * user base permissions * color the table multi select * user group page * UserAddUserGroup * active includes deployments / stacks * improve small screen view * fix docker pages execution showing * clean up * rename frontend to UI * align profile page styling * config maintenance windows * finish maintenance windows * builder config * add batch execute dropdown / confirm menu * batch execute styling * deploy 2.0.0-dev-117 * improve stats card light theme * add update page * improve mobile * terminal group nowrap * mobile improvements * allow unused again * improve mobile font sizing * improve mobile updates / alerts * mobile tabs * alert page * add server version mismatch color * new resource, clearable selector * Fix build show info tab * copy resources * keyboard shortcuts * server resource header version mismatch * fix type errors * container page server multi select * confirm button clear timeout * hash compare force uses first 8 for short hash * fix log height * copy webhooks * responsive tweaks * add icons to server stat sections * add historical server stats charts * server stat current card shows usage numbers * refine current stats more * fix shortcuts interfering with monaco brave * clean up unused * remove v1 frontend * bump rust version to 1.93.1 and dep versions * deploy 2.0.0-dev-118 * bump chef rust version * improve login no auth configured and passkey pending * Load Average is first historical stat * procedure / action webhook branch mobile style * dashboard active styling * hide actions when none * Select Template * execution buttons disabled when loading * Fix config input issue * improve tab styling * rename ConfigSwitch onChange -> onCheckedChange * ensure section headers consistent spacing * edit swarm join command * fix batch executions width * stack stopped and deployment exited warning instead of critical * smaller more consistent gaps * add close button to update / alert details drawer * stack and deployment state color include update available. Ensure server version mismatch color applied everywhere * deploy 2.0.0-dev-120 * topbar user dropdown shows user avatar if available * post link redirect should be to profile * deploy 2.0.0-dev-121 * improve profile delete styling * standard api key modal size * improve login styling * fix login github / google icon color * fix some wrapping stuff in tables and tag text disappear * fix terminal height - same as logs * single delete terminal * Update / Alert table filter selector formatted * tweaks for lg size * taller data table and blue omnisearch * refine lg screen size view * fix sidebar margin right * "never" -> "Never" * Add hoverable disk info * improve disk usage hover card styling * rename for clarity * thinner topbar * config sidebar save * setters use maps instead of mutations * notification green contents written success * fmt * read request are trace * deploy 2.0.0-dev-122 * debug level core <> periphery auth identifiers logs * mogh auth server 1.2.10 * mogh auth 1.2.11 * deploy 2.0.0-dev-123 * Deploy / DeployStack updates invalidate corresponding list query * confirm action / save modals don't need ConfirmButton * deploy 2.0.0-dev-124 * proper base64url decode * fix init admin user * improve mobile friendly tabs width, and onboardng key copy * rename resource invalidates * better maxheight for mobile friendly tabs * km cli needs to install crypto provider for tls ws * better responsive confirm save width * confirm modal better responsiveness * Fix api key modal too thin * better api key create * improve batch execs * improve tabs * sidebar more compact * add missing Repo header Info * Fix Pull repo * fix repo Links config * improve procedure config UI including run stack service * improve deployment network, restart, termination signal config * fix confirm update showing entries which have not changed * example execute terminal uses bash * Update deployments description * move build server * [Docs] Update connect-servers.mdx (#1256) * Update connect-servers.mdx * Update connect-servers.mdx * clean up connect servers * feat(ci): build (#1018) * fmt * fix: more verbose logging (#1017) * use .with_context for stack run directory canonicalize log * fix failing doc test * Improve server resource header hover info * service selector support swarm stack icon * fix stack terminals sometimes not disabled when it should be * add terminal create and delete messages * bump packages and add Mogh Tech copyright * revamp docsite * soften the borders * clean up stack config * fix config group header too much gap * procedure stage menu easier to reach * deploy 2.0.0-dev-125 * increase universal resource polling * improve server stats * fix data table * down node is critical * cli add print core info * add docker swarm feature card * improve toml resource repetition using macros, and fix Swarm toml support * swarm config: configure alerting options * add swarm header info * Implement New Swarm Config and New Swarm Secret * brighten tag colors * continue docs revamp * fmt * set more refetch intervals to keep display data fresh * fix copy not showing copy source when there are no templates * rename onboarding key fix_existing_servers to privileged * fix Privileged spelling * fmt * more docs improvement * improve docs intro * update the curl instructions with easier call method * fix clippy lints * refresh the server cache after every server connection successful login * deploy 2.0.0-dev-126 * add polling to dashboard summary data * tweak tag opacity * improve server stat table disk hover * fix change historical stat length collapse stats * KOMODO_DISABLE_INIT_RESOURCES * stack Project Missing should be red * Fix files on host stacks showing down after reboot until refresh cache * silence user level write logs SetLastSeenUpdate and PushRecentlyViewed * See the v2 migration guide * Improve api logging using more fields * deploy 2.0.0-dev-127 * cli create api key on database, can use with docker exec into core container * deploy 2.0.0-dev-128 * advanced km create api-key options * create onboarding key with cli * tweak * onboarding keys use tag name * deploy 2.0.0-dev-129 * stack procedure stages can select specific services to apply to (default all services) * docsite dockerfile * ./docusaurus.config.ts * need to yarn build * fix broken link * improve alert (dropdown) icons * fix docs sidebar collapse * add local search functionality * docs search nice * homepage features navigate to docs * only show build cancel when canCancel * more confirm button confirmprops red * fix docsite buttons and list more features * fix sidebar cmd click opens in new tab (is a link) * execute withBorder * cleaner execute section * swap docker compose and deploy containers * make docs logo align with app * better mobile button layout * linked logins / 2fa confirm red styling * bump rust version to 1.94.0 * move bollard::secret to bollard::config * deploy 2.0.0-dev-130 * feat: add compose_cmd_wrapper_include for selective command wrapping (#1124) - Add compose_cmd_wrapper_include field to StackConfig. - Fix wrapper placeholder text not displaying in MonacoEditor. * align configuration by removing bold label stuff * confirm update monaco readonly * dockerfile binaries / ui images default to :2 * fmt * refresh server cache lint * fmt * disabling send alerts should also disable in UI * clean up disabled alerting * deploy 2.0.0-dev-131 * mogh_pki 1.1.3 safer copy from slice * fix dev container issues on 2.0.0 (#1238) * fix node version and yarn build in dev container * ensure keys directories exist and are writable in dev container * update dev container image (necessary to fix compiler error) * fix CORS error in dev container * more dev container fixes KOMODO_SESSION_ALLOW_CROSS_SITE: true needed to properly run on Firefox * fix devcontainer port * update config pages to use "Webhooks" consistently and fix acronym casing (#1239) Co-authored-by: Maxwell Becker <49575486+mbecker20@users.noreply.github.com> * update local dev setup instructions (#1240) * example mongo deploy dev * check binary URL (#1116) * install script improve failed download binary log * align cli installer with periphery installer * improve terminal page create experience * deploy 2.0.0-dev-132 * improve mobile updates with full size query * fix some internal table wrapping * fix schedule expression examples * Add swarm updates / alerts filter * filter by update available uses location hash instead of localstorage * sync commit preserve meta "deploy" and "after" * UI fixes and tweaks * deploy 2.0.0-dev-133 * add error to warn log * Stack / deployment should inherit specific Swarm permissions * Fix inline span formatting (used in logs / errors) * refactor resource sync pending deploy for better display * deploy 2.0.0-dev-134 * improve terminal error handling * deploy 2.0.0-dev-135 * dedicated docs page for v2 * warning about failing to include init: true * Limit Periphery IPs in Advanced config * refine setup guide * 2.0.0 --------- Co-authored-by: Shlee <github@shl.ee> Co-authored-by: Yujia Qiao <code@rapiz.me> Co-authored-by: ChanningHe <52875777+ChanningHe@users.noreply.github.com> Co-authored-by: Steven Loria <sloria1@pm.me> Co-authored-by: Andreas Brett <andreasbrett@users.noreply.github.com>
597 lines
20 KiB
TOML
597 lines
20 KiB
TOML
###########################
|
|
# 🦎 KOMODO CORE CONFIG 🦎 #
|
|
###########################
|
|
|
|
## This is the offical "Default" config file for Komodo Core.
|
|
## It serves as documentation for the meaning of the fields.
|
|
## It is located at `https://github.com/moghtech/komodo/blob/main/config/core.config.toml`.
|
|
|
|
## All fields with a "Default" provided are optional. If they are
|
|
## left out of the file, the "Default" value will be used.
|
|
|
|
## This file is bundled into the official image, `ghcr.io/moghtech/komodo-core`,
|
|
## as the default config at `/config/.default.config.toml`.
|
|
## Komodo Core can start with no external config file mounted.
|
|
|
|
## Most fields can also be configured using environment variables.
|
|
## Environment variables will override values set in this file.
|
|
|
|
## Can also use JSON or YAML if preferred. You can convert here:
|
|
## - YAML: https://it-tools.tech/toml-to-yaml
|
|
## - JSON: https://it-tools.tech/toml-to-json
|
|
|
|
## This will be the document title on the web page.
|
|
## Env: KOMODO_TITLE
|
|
## Default: 'Komodo'
|
|
title = "Komodo"
|
|
|
|
## This should be the url used to access Komodo in browser, potentially behind DNS.
|
|
## Eg https://komodo.example.com or http://12.34.56.78:9120. This should match the address configured in your Oauth app.
|
|
## Env: KOMODO_HOST
|
|
## Required, no default.
|
|
host = "https://komodo.example.com"
|
|
|
|
## The port the core system will run on.
|
|
## Env: KOMODO_PORT
|
|
## Default: 9120
|
|
port = 9120
|
|
|
|
## The IP address the core server will bind to.
|
|
## The default will allow it to accept external IPv4 and IPv6 connections.
|
|
## Env: KOMODO_BIND_IP
|
|
## Default: [::]
|
|
bind_ip = "[::]"
|
|
|
|
## Default private key to use with Noise handshake to authenticate with Periphery agents.
|
|
## If using `file:/path/to/file` and the file doesn't exist yet,
|
|
## Core will generate and write new key to the path.
|
|
## Env: KOMODO_PRIVATE_KEY or KOMODO_PRIVATE_KEY_FILE
|
|
## Default: file:/config/keys/core.key
|
|
private_key = "file:/config/keys/core.key"
|
|
|
|
## Default accepted public key to allow Periphery to connect.
|
|
## If not provided, Periphery -> Core connected Servers must
|
|
## configure accepted public keys individually.
|
|
##
|
|
## Accepts public keys files using `file:/path/to/periphery.pub`
|
|
##
|
|
## Note: If used, the public key can still be overridden on individual Servers / Builders
|
|
##
|
|
## Env: KOMODO_PERIPHERY_PUBLIC_KEY
|
|
## Default: None
|
|
# periphery_public_key = "file:/config/keys/periphery.pub"
|
|
|
|
## Deprecated. Legacy v1 compatibility.
|
|
## Users should upgrade to private / public key authentication.
|
|
## Env: KOMODO_PASSKEY
|
|
# passkey = "default-passkey"
|
|
|
|
## Give the first server a custom name.
|
|
## If this is set but 'first_server_address' is not,
|
|
## will assume Periphery -> Core connection.
|
|
## Env: KOMODO_FIRST_SERVER_NAME
|
|
## Default: None
|
|
# first_server_name = "${HOSTNAME}"
|
|
|
|
## Ensure a server with this address exists on Core
|
|
## upon first startup. Example: `https://periphery:8120`
|
|
## Env: KOMODO_FIRST_SERVER_ADDRESS
|
|
## Optional, no default.
|
|
# first_server_address = ""
|
|
|
|
## Disables write support on resources in the UI.
|
|
## This protects users that that would normally have write priviledges during their UI usage,
|
|
## when they intend to fully rely on ResourceSyncs to manage config.
|
|
## Env: KOMODO_UI_WRITE_DISABLED
|
|
## Default: false
|
|
ui_write_disabled = false
|
|
|
|
## Disables the confirm dialogs on all actions. All buttons will now be double-click.
|
|
## Useful when only having http connection to core, as UI quick-copy button won't work.
|
|
## Env: KOMODO_DISABLE_CONFIRM_DIALOG
|
|
## Default: false
|
|
disable_confirm_dialog = false
|
|
|
|
## Disables UI websocket automatic reconnection.
|
|
## Users will still be able to trigger reconnect by clicking the connection indicator.
|
|
## Env: KOMODO_DISABLE_WEBSOCKET_RECONNECT
|
|
## Default: false
|
|
disable_websocket_reconnect = false
|
|
|
|
|
|
## Disable init system resource creation on fresh Komodo launch.
|
|
## These include the 'Backup Core Database' and 'Global Auto Update' procedures.
|
|
## Env: KOMODO_DISABLE_INIT_RESOURCES
|
|
## Default: false
|
|
disable_init_resources = false
|
|
|
|
## Configure the directory for sync files (inside the container).
|
|
## There shouldn't be a need to change this, just mount a volume.
|
|
## Env: KOMODO_SYNC_DIRECTORY
|
|
## Default: /syncs
|
|
sync_directory = "/syncs"
|
|
|
|
## Configure the repo directory (inside the container).
|
|
## There shouldn't be a need to change this, just mount a volume.
|
|
## Env: KOMODO_REPO_DIRECTORY
|
|
## Default: /repo-cache
|
|
repo_directory = "/repo-cache"
|
|
|
|
## Configure the action directory (inside the container).
|
|
## There shouldn't be a need to change this, or even mount a volume.
|
|
## Env: KOMODO_ACTION_DIRECTORY
|
|
## Default: /action-cache
|
|
action_directory = "/action-cache"
|
|
|
|
## Interface to use as default route in multi-NIC environments.
|
|
## Env: KOMODO_INTERNET_INTERFACE
|
|
## Example: "eth1"
|
|
## Optional, no default.
|
|
internet_interface = ""
|
|
|
|
################
|
|
# AUTH / LOGIN #
|
|
################
|
|
|
|
## Allow user login with a username / password.
|
|
## The password will be hashed and stored in the db for login comparison.
|
|
##
|
|
## NOTE:
|
|
## Komodo has no API to recover account logins, but if this happens you can doctor the database using Mongo Compass.
|
|
## Create a new Komodo user (Sign Up button), login to the database with Compass, note down your old users username and _id.
|
|
## Then delete the old user, and update the new user to have the same username and _id.
|
|
## Make sure to set `enabled: true` and maybe `admin: true` on the new user as well, while using Compass.
|
|
##
|
|
## Env: KOMODO_LOCAL_AUTH
|
|
## Default: false
|
|
local_auth = false
|
|
|
|
## Configure a minimum password length.
|
|
## Env: KOMODO_MIN_PASSWORD_LENGTH
|
|
## Default: 1
|
|
min_password_length = 1
|
|
|
|
## Initialize the first admin user when starting up Komodo for the first time.
|
|
## Env: KOMODO_INIT_ADMIN_USERNAME or KOMODO_INIT_ADMIN_USERNAME_FILE
|
|
## Default: None
|
|
# init_admin_username = "admin"
|
|
|
|
## Set password for first admin user
|
|
## Env: KOMODO_INIT_ADMIN_PASSWORD or KOMODO_INIT_ADMIN_PASSWORD_FILE
|
|
## Default: changeme
|
|
init_admin_password = "changeme"
|
|
|
|
## Normally new users will be registered, but not enabled until an Admin enables them.
|
|
## With `disable_user_registration = true`, only the first user to log in will registered as a user.
|
|
## Env: KOMODO_DISABLE_USER_REGISTRATION
|
|
## Default: false
|
|
disable_user_registration = false
|
|
|
|
## New users will be automatically enabled when they sign up.
|
|
## Otherwise, new users will be disabled on first login.
|
|
## The first user to login will always be enabled on creation.
|
|
## Env: KOMODO_ENABLE_NEW_USERS
|
|
## Default: false
|
|
enable_new_users = false
|
|
|
|
## Allows all users to have Read level access to all resources.
|
|
## Env: KOMODO_TRANSPARENT_MODE
|
|
## Default: false
|
|
transparent_mode = false
|
|
|
|
## Normally all enabled users can create resources.
|
|
## If `disable_non_admin_create = true`, only admin users can create resources.
|
|
## Env: KOMODO_DISABLE_NON_ADMIN_CREATE
|
|
## Default: false
|
|
disable_non_admin_create = false
|
|
|
|
## Normally users can update their username / password using the API.
|
|
## This will disable this ability for specific users or all users.
|
|
## Example:
|
|
## - `lock_login_credentials_for = []` will allow all users to update username / password.
|
|
## - `lock_login_credentials_for = ["demo"]` will block the demo user from doing so.
|
|
## - `lock_login_credentials_for = ["__ALL__"]` will block all users.
|
|
## Env: KOMODO_LOCK_LOGIN_CREDENTIALS_FOR
|
|
## Default: empty list
|
|
lock_login_credentials_for = []
|
|
|
|
## Optionally provide a specific jwt secret.
|
|
## Passing nothing or an empty string will cause one to be generated on every startup.
|
|
## This means users will have to log in again if Komodo restarts.
|
|
## Env: KOMODO_JWT_SECRET or KOMODO_JWT_SECRET_FILE
|
|
## Default: empty string, meaning a random secret will be generated at startup.
|
|
jwt_secret = ""
|
|
|
|
## Specify how long a user can stay logged in before they have to log in again.
|
|
## All jwts are invalidated on application restart unless `jwt_secret` is set.
|
|
## Env: KOMODO_JWT_TTL
|
|
## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
|
|
## Default: 1-day.
|
|
jwt_ttl = "1-day"
|
|
|
|
#############
|
|
# OIDC Auth #
|
|
#############
|
|
|
|
## Enable logins with configured OIDC provider.
|
|
## Env: KOMODO_OIDC_ENABLED
|
|
## Default: false
|
|
oidc_enabled = false
|
|
|
|
## Give the provider address.
|
|
##
|
|
## The path, ie /application/o/komodo for Authentik,
|
|
## is provider and configuration specific.
|
|
##
|
|
## Note. this address must be reachable from Komodo Core container.
|
|
##
|
|
## Env: KOMODO_OIDC_PROVIDER
|
|
## Optional, no default.
|
|
oidc_provider = "https://oidc.provider.internal/application/o/komodo"
|
|
|
|
## Configure OIDC user redirect host.
|
|
##
|
|
## This is the host address users are redirected to in their browser,
|
|
## and may be different from `oidc_provider` host depending on your networking.
|
|
## If not provided (or empty string ""), the `oidc_provider` will be used.
|
|
##
|
|
## Note. DO NOT include the `path` part of the URL.
|
|
## Example: `https://oidc.provider.external`
|
|
##
|
|
## Env: KOMODO_OIDC_REDIRECT_HOST
|
|
## Optional, no default.
|
|
oidc_redirect_host = ""
|
|
|
|
## Set the OIDC Client ID.
|
|
## Env: KOMODO_OIDC_CLIENT_ID or KOMODO_OIDC_CLIENT_ID_FILE
|
|
oidc_client_id = ""
|
|
|
|
## Set the OIDC Client Secret.
|
|
## If the OIDC provider supports PKCE-only flow,
|
|
## the client secret is not necessary and can be ommitted or left empty.
|
|
## Env: KOMODO_OIDC_CLIENT_SECRET or KOMODO_OIDC_CLIENT_SECRET_FILE
|
|
oidc_client_secret = ""
|
|
|
|
## If true, use the full email for usernames.
|
|
## Otherwise, the @address will be stripped,
|
|
## making usernames more concise.
|
|
## Note. This does not work for all OIDC providers.
|
|
## Env: KOMODO_OIDC_USE_FULL_EMAIL
|
|
## Default: false.
|
|
oidc_use_full_email = false
|
|
|
|
## Some providers attach other audiences in addition to the client_id.
|
|
## If you have this issue, `Invalid audiences: `...` is not a trusted audience"`,
|
|
## you can add the audience `...` to the list here (assuming it should be trusted).
|
|
## Env: KOMODO_OIDC_ADDITIONAL_AUDIENCES or KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
|
|
## Default: empty
|
|
oidc_additional_audiences = []
|
|
|
|
#########
|
|
# OAUTH #
|
|
#########
|
|
|
|
## Google
|
|
|
|
## Env: KOMODO_GOOGLE_OAUTH_ENABLED
|
|
## Default: false
|
|
google_oauth.enabled = false
|
|
|
|
## Env: KOMODO_GOOGLE_OAUTH_ID or KOMODO_GOOGLE_OAUTH_ID_FILE
|
|
## Required if google_oauth is enabled.
|
|
google_oauth.id = ""
|
|
|
|
## Env: KOMODO_GOOGLE_OAUTH_SECRET or KOMODO_GOOGLE_OAUTH_SECRET_FILE
|
|
## Required if google_oauth is enabled.
|
|
google_oauth.secret = ""
|
|
|
|
## Github
|
|
|
|
## Env: KOMODO_GITHUB_OAUTH_ENABLED
|
|
## Default: false
|
|
github_oauth.enabled = false
|
|
|
|
## Env: KOMODO_GITHUB_OAUTH_ID or KOMODO_GITHUB_OAUTH_ID_FILE
|
|
## Required if github_oauth is enabled.
|
|
github_oauth.id = ""
|
|
|
|
## Env: KOMODO_GITHUB_OAUTH_SECRET or KOMODO_GITHUB_OAUTH_SECRET_FILE
|
|
## Required if github_oauth is enabled.
|
|
github_oauth.secret = ""
|
|
|
|
######################
|
|
# AUTH RATE LIMITING #
|
|
######################
|
|
|
|
## By default, all authenticated requests have a global failure rate limiter
|
|
## by client IP address (X-FORWARDED-FOR, X-REAL-IP headers).
|
|
## If clients try too many calls which fail to authenticate,
|
|
## they will be temporarily blocked from making further attempts,
|
|
## mitigating brute force attacks.
|
|
|
|
## Disable the auth rate limiting.
|
|
## Env: KOMODO_AUTH_RATE_LIMIT_DISABLED
|
|
## Default: false
|
|
auth_rate_limit_disabled = false
|
|
|
|
## Configure the max attempts allowed within the given 'window_seconds'.
|
|
## Env: KOMODO_AUTH_RATE_LIMIT_MAX_ATTEMPTS
|
|
## Default: 5
|
|
auth_rate_limit_max_attempts = 5
|
|
|
|
## Set the rate limiting window in seconds.
|
|
## Env: KOMODO_AUTH_RATE_LIMIT_WINDOW_SECONDS
|
|
## Default: 15
|
|
auth_rate_limit_window_seconds = 15
|
|
|
|
##################
|
|
# CORS / SESSION #
|
|
##################
|
|
|
|
## Specifically set list of CORS allowed origins.
|
|
## If empty, allows all origins (`*`).
|
|
## Production setups should configure this explicitly.
|
|
## Env: KOMODO_CORS_ALLOWED_ORIGINS
|
|
## Default: empty
|
|
cors_allowed_origins = []
|
|
|
|
## Tell CORS to allow credentials in requests.
|
|
## Set true only if needed for authentication proxy.
|
|
## Env: KOMODO_CORS_ALLOW_CREDENTIALS
|
|
## Default: false
|
|
cors_allow_credentials = false
|
|
|
|
## Enabling this sets 'SameSite=None', which allows externally
|
|
## hosted UIs to use the login flows.
|
|
session_allow_cross_site = false
|
|
|
|
##################
|
|
# POLL INTERVALS #
|
|
##################
|
|
|
|
## Controls the rate at which servers are polled for health, system stats, and container status.
|
|
## This affects network usage, and the size of the stats stored in mongo.
|
|
## Env: KOMODO_MONITORING_INTERVAL
|
|
## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
|
|
## Default: 15-sec
|
|
monitoring_interval = "15-sec"
|
|
|
|
## Interval at which to poll Resources for any updates / automated actions.
|
|
## Env: KOMODO_RESOURCE_POLL_INTERVAL
|
|
## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
|
|
## Default: 1-hr
|
|
resource_poll_interval = "1-hr"
|
|
|
|
############
|
|
# Security #
|
|
############
|
|
|
|
## Enable HTTPS server using the given key and cert.
|
|
## Env: KOMODO_SSL_ENABLED
|
|
## Default: false
|
|
ssl_enabled = false
|
|
|
|
## Path to the ssl key.
|
|
## Env: KOMODO_SSL_KEY_FILE
|
|
## Default: /config/ssl/key.pem
|
|
ssl_key_file = "/config/ssl/key.pem"
|
|
|
|
## Path to the ssl cert.
|
|
## Env: KOMODO_SSL_CERT_FILE
|
|
## Default: /config/ssl/cert.pem
|
|
ssl_cert_file = "/config/ssl/cert.pem"
|
|
|
|
############
|
|
# DATABASE #
|
|
############
|
|
|
|
## Configure the database connection in one of the following ways:
|
|
|
|
## Pass a full Mongo URI to the database.
|
|
## Example: mongodb://username:password@localhost:27017
|
|
## Env: KOMODO_DATABASE_URI or KOMODO_DATABASE_URI_FILE
|
|
## Optional, can usually use `address`, `username`, `password` instead.
|
|
database.uri = ""
|
|
|
|
## ==== * OR * ==== ##
|
|
|
|
# Construct the address as mongodb://{username}:{password}@{address}
|
|
## Env: KOMODO_DATABASE_ADDRESS
|
|
database.address = "localhost:27017"
|
|
## Env: KOMODO_DATABASE_USERNAME or KOMODO_DATABASE_USERNAME_FILE
|
|
database.username = ""
|
|
## Env: KOMODO_DATABASE_PASSWORD or KOMODO_DATABASE_PASSWORD_FILE
|
|
database.password = ""
|
|
|
|
## ==== other ====
|
|
|
|
## Komodo will create its collections under this database name.
|
|
## The only reason to change this is if multiple Komodo Cores share the same db.
|
|
## Env: KOMODO_DATABASE_DB_NAME
|
|
## Default: komodo.
|
|
database.db_name = "komodo"
|
|
|
|
## This is the assigned app_name of the mongo client.
|
|
## The only reason to change this is if multiple Komodo Cores share the same db.
|
|
## Env: KOMODO_DATABASE_APP_NAME
|
|
## Default: komodo_core.
|
|
database.app_name = "komodo_core"
|
|
|
|
############
|
|
# WEBHOOKS #
|
|
############
|
|
|
|
## This token must be given to git provider during repo webhook config.
|
|
## The secret configured on the git provider side must match the secret configured here.
|
|
## If not provided,
|
|
## Env: KOMODO_WEBHOOK_SECRET or KOMODO_WEBHOOK_SECRET_FILE
|
|
## Optional, no default.
|
|
webhook_secret = "a_random_webhook_secret"
|
|
|
|
## An alternate base url that is used to recieve git webhook requests.
|
|
## If empty or not specified, will use 'host' address as base.
|
|
## This is useful if Komodo is on an internal network, but can have a
|
|
## proxy just allowing through the webhook listener api using NGINX.
|
|
## Env: KOMODO_WEBHOOK_BASE_URL
|
|
## Default: empty (none)
|
|
webhook_base_url = ""
|
|
|
|
## Configure Github webhook app. Enables webhook management apis.
|
|
## <INSERT LINK TO GUIDE>
|
|
## Env: KOMODO_GITHUB_WEBHOOK_APP_APP_ID or KOMODO_GITHUB_WEBHOOK_APP_APP_ID_FILE
|
|
# github_webhook_app.app_id = 1234455 # Find on the app page.
|
|
## Env:
|
|
## - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS or KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS_FILE
|
|
## - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_NAMESPACES
|
|
# github_webhook_app.installations = [
|
|
# ## Find the id after installing the app to user / organization. "namespace" is the username / organization name.
|
|
# { id = 1234, namespace = "mbecker20" }
|
|
# ]
|
|
|
|
## The path to Github webhook app private key. <INSERT LINK TO GUIDE>
|
|
## This is defaulted to `/github/private-key.pem`, and doesn't need to be changed if running core in Docker.
|
|
## Just mount the private key pem file on the host to `/github/private-key.pem` in the container.
|
|
## Eg. `/your/path/to/key.pem : /github/private-key.pem`
|
|
## Env: KOMODO_GITHUB_WEBHOOK_APP_PK_PATH
|
|
# github_webhook_app.pk_path = "/path/to/pk.pem"
|
|
|
|
###########
|
|
# LOGGING #
|
|
###########
|
|
|
|
## Specify the logging verbosity
|
|
## Env: KOMODO_LOGGING_LEVEL
|
|
## Options: off, error, warn, info, debug, trace
|
|
## Default: info
|
|
logging.level = "info"
|
|
|
|
## Specify the logging format.
|
|
## Env: KOMODO_LOGGING_STDIO
|
|
## Options: standard, json, none
|
|
## Default: standard
|
|
logging.stdio = "standard"
|
|
|
|
## Optionally specify a opentelemetry otlp endpoint to send traces to.
|
|
## Example: http://localhost:4317
|
|
## Env: KOMODO_LOGGING_OTLP_ENDPOINT
|
|
logging.otlp_endpoint = ""
|
|
|
|
## Set the opentelemetry service name.
|
|
## This will be attached to the telemetry Komodo will send.
|
|
## Env: KOMODO_LOGGING_OPENTELEMETRY_SERVICE_NAME
|
|
## Default: "Komodo"
|
|
logging.opentelemetry_service_name = "Komodo"
|
|
|
|
## Set the opentelemetry scope name.
|
|
## This will be attached to the telemetry Komodo will send.
|
|
## Env: KOMODO_LOGGING_OPENTELEMETRY_SCOPE_NAME
|
|
## Default: "Komodo"
|
|
logging.opentelemetry_scope_name = "Komodo"
|
|
|
|
## Specify whether logging is more human readable.
|
|
## Note. Single logs will span multiple lines.
|
|
## Env: KOMODO_LOGGING_PRETTY
|
|
## Default: false
|
|
logging.pretty = false
|
|
|
|
## Specify whether startup config log
|
|
## is more human readable (multi-line)
|
|
## Env: KOMODO_PRETTY_STARTUP_CONFIG
|
|
## Default: false
|
|
pretty_startup_config = false
|
|
|
|
###########
|
|
# PRUNING #
|
|
###########
|
|
|
|
## The number of days to keep historical system stats around, or 0 to disable pruning.
|
|
## Stats older that are than this number of days are deleted on a daily cycle.
|
|
## Env: KOMODO_KEEP_STATS_FOR_DAYS
|
|
## Default: 14
|
|
keep_stats_for_days = 14
|
|
|
|
## The number of days to keep alerts around, or 0 to disable pruning.
|
|
## Alerts older that are than this number of days are deleted on a daily cycle.
|
|
## Env: KOMODO_KEEP_ALERTS_FOR_DAYS
|
|
## Default: 14
|
|
keep_alerts_for_days = 14
|
|
|
|
###################
|
|
# CLOUD PROVIDERS #
|
|
###################
|
|
|
|
## Komodo can build images by deploying AWS EC2 instances,
|
|
## running the build, and afterwards destroying the instance.
|
|
|
|
## Provide AWS api keys for ephemeral builders
|
|
## Env: KOMODO_AWS_ACCESS_KEY_ID or KOMODO_AWS_ACCESS_KEY_ID_FILE
|
|
aws.access_key_id = ""
|
|
## Env: KOMODO_AWS_SECRET_ACCESS_KEY or KOMODO_AWS_SECRET_ACCESS_KEY_FILE
|
|
aws.secret_access_key = ""
|
|
|
|
#################
|
|
# GIT PROVIDERS #
|
|
#################
|
|
|
|
## These will be available to attach to Builds, Repos, Stacks, and Syncs.
|
|
## They allow these Resources to clone private repositories.
|
|
## They cannot be configured on the environment.
|
|
|
|
## configure git providers
|
|
# [[git_provider]]
|
|
# domain = "github.com"
|
|
# accounts = [
|
|
# { username = "mbecker20", token = "access_token_for_account" },
|
|
# { username = "moghtech", token = "access_token_for_other_account" },
|
|
# ]
|
|
|
|
# [[git_provider]]
|
|
# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
|
|
# accounts = [
|
|
# { username = "mbecker20", token = "access_token_for_account" },
|
|
# ]
|
|
|
|
# [[git_provider]]
|
|
# domain = "localhost:8000" # use a custom provider, like self-hosted gitea
|
|
# https = false # use http://localhost:8000 as base-url for clone
|
|
# accounts = [
|
|
# { username = "mbecker20", token = "access_token_for_account" },
|
|
# ]
|
|
|
|
######################
|
|
# REGISTRY PROVIDERS #
|
|
######################
|
|
|
|
## These will be available to attach to Builds and Stacks.
|
|
## They allow these Resources to pull private images.
|
|
## They cannot be configured on the environment.
|
|
|
|
## configure docker registries
|
|
# [[docker_registry]]
|
|
# domain = "docker.io"
|
|
# accounts = [
|
|
# { username = "mbecker2020", token = "access_token_for_account" }
|
|
# ]
|
|
# organizations = ["DockerhubOrganization"]
|
|
|
|
# [[docker_registry]]
|
|
# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
|
|
# accounts = [
|
|
# { username = "mbecker20", token = "access_token_for_account" },
|
|
# ]
|
|
# organizations = ["Mogh"] # These become available in the UI
|
|
|
|
###########
|
|
# SECRETS #
|
|
###########
|
|
|
|
## Provide Core based secrets.
|
|
## These will be available to interpolate into your Deployment / Stack environments,
|
|
## and will be hidden in the UI and logs.
|
|
## These are available to use on any Periphery (Server),
|
|
## but you can also limit access more by placing them in a single Periphery's config file instead.
|
|
## These cannot be configured in the Komodo Core environment, they must be passed in the file.
|
|
|
|
# [secrets]
|
|
# SECRET_1 = "value_1"
|
|
# SECRET_2 = "value_2" |