docs and config clean up

2026-04-28 03:38:55 -05:00 · 2025-09-29 00:06:35 -07:00
parent a226ffc256
commit 1a08df28d0
8 changed files with 107 additions and 97 deletions
--- a/compose/compose.env
+++ b/compose/compose.env
@@ -13,8 +13,8 @@ COMPOSE_KOMODO_IMAGE_TAG=latest
 COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups

 ## DB credentials
-KOMODO_DB_USERNAME=admin
-KOMODO_DB_PASSWORD=admin
+KOMODO_DATABASE_USERNAME=admin
+KOMODO_DATABASE_PASSWORD=admin

 ## Set your time zone for schedules
 ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
@@ -30,23 +30,42 @@ TZ=Etc/UTC
 ## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
 ## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples

+## Used for Oauth / Webhook url suggestion.
+KOMODO_HOST=https://demo.komo.do
+## Displayed in the browser tab.
+KOMODO_TITLE=Komodo
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=true
+## Set the initial admin username created upon first launch.
+## Comment out to disable initial user creation,
+## and create first user using signup button.
+KOMODO_INIT_ADMIN_USERNAME=admin
+## Set the initial admin password
+KOMODO_INIT_ADMIN_PASSWORD=changeme
+
 ## Private key used with noise handshake during Core <-> Periphery authentication.
 ## Compute a public key given private key using `km key compute <private-key>`.
 ## 32 characters or less.
 KOMODO_PRIVATE_KEY="default-core-pk"

-## Used for Oauth / Webhook url suggestion.
-KOMODO_HOST=https://demo.komo.do
-## Displayed in the browser tab.
-KOMODO_TITLE=Komodo
 ## Create a server matching this address as the "first server".
 ## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
 KOMODO_FIRST_SERVER=https://periphery:8120
 ## Give the first server a custom name.
 KOMODO_FIRST_SERVER_NAME=Local
-## Make all buttons just double-click, rather than the full confirmation dialog.
+
+## Make execute buttons just double-click, rather than the full confirmation dialog.
 KOMODO_DISABLE_CONFIRM_DIALOG=false

+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+KOMODO_WEBHOOK_SECRET=a_random_secret
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+KOMODO_JWT_SECRET=a_random_jwt_secret
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
 ## Rate Komodo polls your servers for
 ## status / container status / system stats / alerting.
 ## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min, 15-min
@@ -57,22 +76,6 @@ KOMODO_MONITORING_INTERVAL="15-sec"
 ## Default: 1-hr
 KOMODO_RESOURCE_POLL_INTERVAL="1-hr"

-## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
-KOMODO_WEBHOOK_SECRET=a_random_secret
-## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
-KOMODO_JWT_SECRET=a_random_jwt_secret
-## Time to live for jwt tokens.
-## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
-KOMODO_JWT_TTL="1-day"
-
-## Enable login with username + password.
-KOMODO_LOCAL_AUTH=true
-## Set the initial admin username created upon first launch.
-## Comment out to disable initial user creation,
-## and create first user using signup button.
-KOMODO_INIT_ADMIN_USERNAME=admin
-## Set the initial admin password
-KOMODO_INIT_ADMIN_PASSWORD=changeme
 ## Disable new user signups.
 KOMODO_DISABLE_USER_REGISTRATION=false
 ## All new logins are auto enabled
@@ -82,11 +85,6 @@ KOMODO_DISABLE_NON_ADMIN_CREATE=false
 ## Allows all users to have Read level access to all resources.
 KOMODO_TRANSPARENT_MODE=false

-## Prettier logging with empty lines between logs
-KOMODO_LOGGING_PRETTY=false
-## More human readable logging of startup config (multi-line)
-KOMODO_PRETTY_STARTUP_CONFIG=false
-
 ## OIDC Login
 KOMODO_OIDC_ENABLED=false
 ## Must reachable from Komodo Core container
@@ -120,6 +118,11 @@ KOMODO_GOOGLE_OAUTH_ENABLED=false
 KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
 KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE

+## Prettier logging with empty lines between logs
+KOMODO_LOGGING_PRETTY=false
+## More human readable logging of startup config (multi-line)
+KOMODO_PRETTY_STARTUP_CONFIG=false
+
 #=------------------------------=#
 #= Komodo Periphery Environment =#
 #=------------------------------=#
@@ -134,6 +137,8 @@ KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
 PERIPHERY_CORE_PUBLIC_KEYS="sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0="

 ## Specify the root directory used by Periphery agent.
+## All your compose files and repos need to be inside this directory
+## for Periphery to interact with them.
 PERIPHERY_ROOT_DIRECTORY=/etc/komodo

 ## Specify whether to disable the terminals feature
--- a/compose/ferretdb.compose.yaml
+++ b/compose/ferretdb.compose.yaml
@@ -20,8 +20,8 @@ services:
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
-      POSTGRES_USER: ${KOMODO_DB_USERNAME}
-      POSTGRES_PASSWORD: ${KOMODO_DB_PASSWORD}
+      POSTGRES_USER: ${KOMODO_DATABASE_USERNAME}
+      POSTGRES_PASSWORD: ${KOMODO_DATABASE_PASSWORD}
      POSTGRES_DB: postgres

  ferretdb:
@@ -38,7 +38,7 @@ services:
    volumes:
      - ferretdb-state:/state
    environment:
-      FERRETDB_POSTGRESQL_URL: postgres://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@postgres:5432/postgres
+      FERRETDB_POSTGRESQL_URL: postgres://${KOMODO_DATABASE_USERNAME}:${KOMODO_DATABASE_PASSWORD}@postgres:5432/postgres
  
  core:
    image: ghcr.io/moghtech/komodo-core:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
@@ -52,8 +52,6 @@ services:
    env_file: ./compose.env
    environment:
      KOMODO_DATABASE_ADDRESS: ferretdb:27017
-      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
-      KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
    volumes:
      ## Store dated backups of the database - https://komo.do/docs/setup/backup
      - ${COMPOSE_KOMODO_BACKUPS_PATH}:/backups
--- a/compose/mongo.compose.yaml
+++ b/compose/mongo.compose.yaml
@@ -20,8 +20,8 @@ services:
      - mongo-data:/data/db
      - mongo-config:/data/configdb
    environment:
-      MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
-      MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DB_PASSWORD}
+      MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DATABASE_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DATABASE_PASSWORD}
  
  core:
    image: ghcr.io/moghtech/komodo-core:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
@@ -35,8 +35,6 @@ services:
    env_file: ./compose.env
    environment:
      KOMODO_DATABASE_ADDRESS: mongo:27017
-      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
-      KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
    volumes:
      ## Store dated backups of the database - https://komo.do/docs/setup/backup
      - ${COMPOSE_KOMODO_BACKUPS_PATH}:/backups
--- a/compose/periphery.compose.yaml
+++ b/compose/periphery.compose.yaml
@@ -13,14 +13,37 @@ services:
    restart: unless-stopped
    ## https://komo.do/docs/connect-servers#configuration
    environment:
+      ### ==============================
+      ###  CORE -> PERIPHERY CONNECTION
+      ### ==============================
+      ## List of accepted Core public keys
+      PERIPHERY_CORE_PUBLIC_KEYS: sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0=
+      ### ==============================
+      ###  PERIPHERY -> CORE CONNECTION
+      ### ==============================
+      ## The address of Komodo Core to connect to.
+      # PERIPHERY_CORE_ADDRESS: komodo.example.com
+      ## The name of the Komodo Server to connect as.
+      ## Must match existing server.
+      # PERIPHERY_CONNECT_AS: server-name
+      ## Core must have matching public key configured to authenticate.
+      ## Compute then public key using `km key compute <private-key>`.
+      # PERIPHERY_PRIVATE_KEY: default-periphery-pk
+      ## Disable the inbound connection server.
+      # PERIPHERY_SERVER_ENABLED: false
+      ### ================
+      ###  GENERAL CONFIG
+      ### ================
+      ## Specify the root directory used by Periphery agent.
+      ## All your compose files and repos need to be inside this directory
+      ## for Periphery to interact with them.
      PERIPHERY_ROOT_DIRECTORY: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
-      ## Pass the same passkey as used by the Komodo Core connecting to this Periphery agent.
-      PERIPHERY_PASSKEYS: abc123
-      ## Make server run over https
-      PERIPHERY_SSL_ENABLED: true
      ## Specify whether to disable the terminals feature
      ## and disallow remote shell access (inside the Periphery container).
      PERIPHERY_DISABLE_TERMINALS: false
+      ## Specify whether to disable the container exec feature
+      ## and disallow remote container shell access.
+      PERIPHERY_DISABLE_CONTAINER_EXEC: false
      ## If the disk size is overreporting, can use one of these to 
      ## whitelist / blacklist the disks to filter them, whichever is easier.
      ## Accepts comma separated list of paths.
--- a/config/periphery.config.toml
+++ b/config/periphery.config.toml
@@ -29,11 +29,11 @@
 ## Default: Random 32 bytes in memory. Changes every restart.
 private_key = "default-periphery-pk"

-## Accepted public key to allow Core to connect.
+## Accepted public keys to allow Core(s) to connect.
 ## Periphery gains knowledge of the Core public key through the noise handshake.
 ## If not provided, inbound connections will not be authenticated.
-## Env: PERIPHERY_CORE_PUBLIC_KEY
-# core_public_key = "sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0="
+## Env: PERIPHERY_CORE_PUBLIC_KEYS
+# core_public_keys = "sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0="

 ## Deprecated. Legacy v1 compatibility.
 ## Users should upgrade to private / public key authentication.
--- a/docsite/docs/setup/connect-servers.mdx
+++ b/docsite/docs/setup/connect-servers.mdx
@@ -4,22 +4,16 @@
 import RemoteCodeFile from "@site/src/components/RemoteCodeFile";
 ```

-Connecting a server to Komodo has 2 steps:
+Connecting a server to Komodo has 3 steps:

-1.  Install the Periphery agent on the server (either binary or container).
-2.  Add the server to Komodo via the Core API / UI.
+1.  Add the Server to Komodo via the Core API / UI.
+2.  Install and configure the Periphery agent on the server.
+3.  Confirm the connection status is OK.

 ## Install Periphery

 You can install Periphery as a systemd managed process, run it as a [docker container](https://github.com/moghtech/komodo/pkgs/container/komodo-periphery), or do whatever you want with the binary.

-:::warning
-Allowing unintended access to the Periphery agent API is a security risk.
-Ensure to take appropriate measures to block access to the Periphery API, such as firewall rules on port `8120`.
-Additionally, you can whitelist your Komodo Core IP address in the [Periphery config](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L46),
-and configure it to [only accept requests including your Core passkey](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L51).
-:::
-
 ### Install the Periphery agent - systemd

 As root user:
@@ -79,13 +73,8 @@ Ensure that the user which periphery is run as has access to the docker group wi

 ### Example periphery start command

-```
-periphery \
-	--config-path /path/to/periphery.config.base.toml \
-	--config-path /other_path/to/override-periphery-config-directory \
-	--config-keyword periphery \
-	--config-keyword config \
-	--merge-nested-config true
+```sh
+periphery --config-path /path/to/periphery.config.toml
 ```

 :::info
@@ -97,6 +86,28 @@ When running periphery in docker, use [command](https://docs.docker.com/referenc
 command: periphery --config-path /path/in/container/to/periphery.config.base.toml
 ```

+
+
+## Configuration
+
+The configuration can also be passed as **YAML** or **JSON**.
+You can use the it-tools to convert this TOML file to your preferred format:
+  - YAML: https://it-tools.tech/toml-to-yaml
+  - JSON: https://it-tools.tech/toml-to-json
+
+Quick download to `./komodo/periphery.config.toml`:
+```bash
+wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/periphery.config.toml
+```
+
+```mdx-code-block
+<RemoteCodeFile
+	title="https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml"
+	url="https://raw.githubusercontent.com/moghtech/komodo/main/config/periphery.config.toml"
+	language="toml"
+/>
+```
+
 ### Passing config files

 Either file paths or directory paths can be passed to `--config-path` (alias: `-c`). By default, no paths will be used, meaning the configuration is entirely
@@ -118,24 +129,4 @@ So if you pass `allowed_ips = []` in your override config, the final allowed_ips

 For example, with `--merge-nested-config true` you can specify an allowed ip in the base config, and another in the override config, they will both be present in the final config.

-Similarly, you can specify a base docker / github account pair, and extend them with additional accounts in the override config.
-
-## Configuration
-
-The configuration can also be passed as **YAML** or **JSON**.
-You can use the it-tools to convert this TOML file to your preferred format:
-  - YAML: https://it-tools.tech/toml-to-yaml
-  - JSON: https://it-tools.tech/toml-to-json
-
-Quick download to `./komodo/periphery.config.toml`:
-```bash
-wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/periphery.config.toml
-```
-
-```mdx-code-block
-<RemoteCodeFile
-	title="https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml"
-	url="https://raw.githubusercontent.com/moghtech/komodo/main/config/periphery.config.toml"
-	language="toml"
-/>
-```
+Similarly, you can specify a base docker / github account pair, and extend them with additional accounts in the override config.
--- a/docsite/docs/setup/index.mdx
+++ b/docsite/docs/setup/index.mdx
@@ -17,16 +17,6 @@ Users with these systems should use FerretDB instead.
 There is an [**upgrade guide for FerretDB v2** available here](https://github.com/moghtech/komodo/blob/main/bin/cli/docs/copy-database.md#ferretdb-v2-update-guide).
 :::

-### First login
-
-Core should now be accessible on the specified port and navigating to `http://<address>:<port>` will display the login page.
-Enter your preferred admin username and password, and click **"Sign Up"**, _not_ "Log In", to create your admin user for Komodo.
-Any additional users to create accounts will be disabled by default, and must be enabled by an admin.
-
-### Https
-
-Komodo Core only supports http, so a reverse proxy like [caddy](https://caddyserver.com/) should be used for https.
-
 ```mdx-code-block
 import DocCardList from '@theme/DocCardList';

--- a/docsite/docusaurus.config.ts
+++ b/docsite/docusaurus.config.ts
@@ -1,8 +1,8 @@
-import {themes as prismThemes} from 'prism-react-renderer';
-import type {Config} from '@docusaurus/types';
-import type * as Preset from '@docusaurus/preset-classic';
+import { themes as prismThemes } from "prism-react-renderer";
+import type { Config } from "@docusaurus/types";
+import type * as Preset from "@docusaurus/preset-classic";

-import dotenv from "dotenv"
+import dotenv from "dotenv";
 dotenv.config();

 const config: Config = {
@@ -25,7 +25,12 @@ const config: Config = {
  deploymentBranch: "gh-pages-docs",

  onBrokenLinks: "throw",
-  onBrokenMarkdownLinks: "warn",
+
+  markdown: {
+    hooks: {
+      onBrokenMarkdownLinks: "warn",
+    },
+  },

  // Even if you don't use internationalization, you can use this field to set
  // useful metadata like html lang. For example, if your site is Chinese, you