update config and compose envs

2026-04-28 19:59:46 -05:00 · 2025-09-27 13:24:13 -07:00
parent e5822cefb8
commit c34f5ebf49
2 changed files with 18 additions and 7 deletions
--- a/compose/compose.env
+++ b/compose/compose.env
@@ -16,9 +16,6 @@ COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups
 KOMODO_DB_USERNAME=admin
 KOMODO_DB_PASSWORD=admin

-## Configure a secure passkey to authenticate between Core / Periphery.
-KOMODO_PASSKEY=a_random_passkey
-
 ## Set your time zone for schedules
 ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=Etc/UTC
@@ -33,6 +30,11 @@ TZ=Etc/UTC
 ## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
 ## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples

+## Private key used with noise handshake during Core <-> Periphery authentication.
+## Compute a public key given private key using `km key compute <private-key>`.
+## 32 characters or less.
+KOMODO_PRIVATE_KEY="default-core-pk"
+
 ## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
 KOMODO_HOST=https://demo.komo.do
 ## Displayed in the browser tab.
@@ -125,18 +127,21 @@ KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
 ## Full variable list + descriptions are available here:
 ## 🦎 https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml 🦎

+## Must include matching public key for KOMODO_PRIVATE_KEY to authenticate.
+## Periphery gains knowledge of the core public key through the noise handshake with Core.
+## Use `km key compute <KOMODO_PRIVATE_KEY>` to compute.
+## If Core is already deployed, can also get it from the UI topbar "key" icon.
+PERIPHERY_CORE_PUBLIC_KEYS="sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0="
+
 ## Specify the root directory used by Periphery agent.
 PERIPHERY_ROOT_DIRECTORY=/etc/komodo

-## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
-PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}
-
 ## Specify whether to disable the terminals feature
 ## and disallow remote shell access (inside the Periphery container).
 PERIPHERY_DISABLE_TERMINALS=false

 ## Enable SSL using self signed certificates.
-## Connect to Periphery at https://address:8120.
+## Connect to Periphery at `wss://address:8120` (or just `address:8120`).
 PERIPHERY_SSL_ENABLED=true

 ## If the disk size is overreporting, can use one of these to 
--- a/config/periphery.config.toml
+++ b/config/periphery.config.toml
@@ -60,6 +60,12 @@ connect_as = "server-name"
 # INBOUND MODE #
 ################

+## Enable the inbound connection server for
+## Core -> Periphery connection.
+## Env: PERIHERY_SERVER_ENABLED
+## Default: true
+server_enabled = true
+
 ## Optional. The port the server runs on.
 ## Env: PERIPHERY_PORT
 ## Default: 8120