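####################################
# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
####################################

## These compose variables can be used with all Komodo deployment options.
## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
##
## This file carries credentials and signing secrets. Keep it readable only by the
## deploying user and out of version control. Every credential value shipped below
## is a placeholder and should be replaced before the first `compose up`.
##
## NOTE: the `Alt: ..._FILE` hints sit on their own comment lines. Whether a trailing
## `# ...` after a value is stripped or kept as part of the value depends on the
## env-file parser, so values in this file carry no inline comments.

## Stick to a specific version, or use `latest`.
## A pinned version keeps upgrades deliberate and reproducible.
COMPOSE_KOMODO_IMAGE_TAG=latest

## Store dated database backups on the host - https://komo.do/docs/setup/backup
COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups

## DB credentials
## Placeholder values: choose a unique username / password before first start.
KOMODO_DATABASE_USERNAME=admin
KOMODO_DATABASE_PASSWORD=admin

## Set your time zone for schedules
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Etc/UTC

#=-------------------------=#
#= Komodo Core Environment =#
#=-------------------------=#

## Full variable list + descriptions are available here:
## 🦎 https://github.com/moghtech/komodo/blob/main/config/core.config.toml 🦎

## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples

## Used for Oauth / Webhook url suggestion.
## Replace the demo address with the URL your own instance is reached at.
KOMODO_HOST=https://demo.komo.do
## Displayed in the browser tab.
KOMODO_TITLE=Komodo

## Enable login with username + password.
KOMODO_LOCAL_AUTH=true
## Set the initial admin username created upon first launch.
## Comment out to disable initial user creation,
## and create first user using signup button.
KOMODO_INIT_ADMIN_USERNAME=admin
## Set the initial admin password
## Placeholder value: set a strong password before first launch,
## since the admin user is created from these two values.
KOMODO_INIT_ADMIN_PASSWORD=changeme

## Private key used with noise handshake during Core <-> Periphery authentication.
## Compute a public key given private key using `km key compute <private-key>`.
## 32 characters or less.
## The value below is a published default: generate your own, and update
## PERIPHERY_CORE_PUBLIC_KEYS to the matching public key.
KOMODO_PRIVATE_KEY="default-core-pk"

## Create a server matching this address as the "first server".
## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
KOMODO_FIRST_SERVER=https://periphery:8120
## Give the first server a custom name.
KOMODO_FIRST_SERVER_NAME=Local

## Make execute buttons just double-click, rather than the full confirmation dialog.
KOMODO_DISABLE_CONFIRM_DIALOG=false

## Used to auth incoming webhooks.
## Alt: KOMODO_WEBHOOK_SECRET_FILE
## Placeholder value: replace with a long random string.
KOMODO_WEBHOOK_SECRET=a_random_secret
## Used to generate jwt.
## Alt: KOMODO_JWT_SECRET_FILE
## Placeholder value: replace with a long random string, since this secret is
## used to generate the login tokens.
KOMODO_JWT_SECRET=a_random_jwt_secret
## Time to live for jwt tokens.
## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
## A shorter TTL limits how long a leaked token stays usable.
KOMODO_JWT_TTL="1-day"

## Rate Komodo polls your servers for
## status / container status / system stats / alerting.
## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min, 15-min
## Default: 15-sec
KOMODO_MONITORING_INTERVAL="15-sec"
## Interval at which to poll Resources for any updates / automated actions.
## Options: 5-min, 15-min, 1-hr, 2-hr, 6-hr, 12-hr, 1-day
## Default: 1-hr
KOMODO_RESOURCE_POLL_INTERVAL="1-hr"

## Disable new user signups.
## Consider `true` once your accounts exist, if the login page is reachable
## from networks you do not control.
KOMODO_DISABLE_USER_REGISTRATION=false
## All new logins are auto enabled (when set to true).
KOMODO_ENABLE_NEW_USERS=false
## Disable non-admins from creating new resources.
KOMODO_DISABLE_NON_ADMIN_CREATE=false
## Allows all users to have Read level access to all resources.
KOMODO_TRANSPARENT_MODE=false

## OIDC Login
KOMODO_OIDC_ENABLED=false
## Must be reachable from Komodo Core container
# KOMODO_OIDC_PROVIDER=https://oidc.provider.internal/application/o/komodo
## Change the host to one reachable by users (optional if it is the same as above).
## DO NOT include the `path` part of the URL.
# KOMODO_OIDC_REDIRECT_HOST=https://oidc.provider.external
## Your OIDC client id
## Alt: KOMODO_OIDC_CLIENT_ID_FILE
# KOMODO_OIDC_CLIENT_ID=
## Your OIDC client secret.
## If your provider supports PKCE flow, this can be omitted.
## Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
# KOMODO_OIDC_CLIENT_SECRET=
## Make usernames the full email.
## Note. This does not work for all OIDC providers.
# KOMODO_OIDC_USE_FULL_EMAIL=true
## Add additional trusted audiences for token claims verification.
## Supports comma separated list, and passing with _FILE (for compose secrets).
## Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123

## Github Oauth
KOMODO_GITHUB_OAUTH_ENABLED=false
## Alt: KOMODO_GITHUB_OAUTH_ID_FILE
# KOMODO_GITHUB_OAUTH_ID=
## Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
# KOMODO_GITHUB_OAUTH_SECRET=

## Google Oauth
KOMODO_GOOGLE_OAUTH_ENABLED=false
## Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
# KOMODO_GOOGLE_OAUTH_ID=
## Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
# KOMODO_GOOGLE_OAUTH_SECRET=

## Aws - Used to launch Builder instances.
## Prefer the _FILE variants so the keys are not stored in this file.
## Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
KOMODO_AWS_ACCESS_KEY_ID=
## Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
KOMODO_AWS_SECRET_ACCESS_KEY=

## Prettier logging with empty lines between logs
KOMODO_LOGGING_PRETTY=false
## More human readable logging of startup config (multi-line)
KOMODO_PRETTY_STARTUP_CONFIG=false

#=------------------------------=#
#= Komodo Periphery Environment =#
#=------------------------------=#

## Full variable list + descriptions are available here:
## 🦎 https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml 🦎

## Must include matching public key for KOMODO_PRIVATE_KEY to authenticate.
## Periphery gains knowledge of the core public key through the noise handshake with Core.
## Use `km key compute <private-key>` to compute.
## If Core is already deployed, can also get it from the UI topbar "key" icon.
## NOTE(review): the value below presumably pairs with the default KOMODO_PRIVATE_KEY
## above - confirm, and replace both together.
PERIPHERY_CORE_PUBLIC_KEYS="sFIibtOSCFLQelO4b4x6VoYIddkRn9Tj1Nas2eR1ME0="

## Specify the root directory used by Periphery agent.
## All your compose files and repos need to be inside this directory
## for Periphery to interact with them.
PERIPHERY_ROOT_DIRECTORY=/etc/komodo

## Specify whether to disable the terminals feature
## and disallow remote shell access (inside the Periphery container).
## `false` leaves remote shell access available; set `true` if it is not needed.
PERIPHERY_DISABLE_TERMINALS=false
## Specify whether to disable the container exec feature
## and disallow remote container shell access.
## `false` leaves remote container shell access available; set `true` if it is not needed.
PERIPHERY_DISABLE_CONTAINER_EXEC=false

## If the disk size is overreporting, can use one of these to
## whitelist / blacklist the disks to filter them, whichever is easier.
## Accepts comma separated list of paths.
## Usually whitelisting just /etc/hostname gives correct size.
PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos

## Prettier logging with empty lines between logs
PERIPHERY_LOGGING_PRETTY=false
## More human readable logging of startup config (multi-line)
PERIPHERY_PRETTY_STARTUP_CONFIG=false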