152 lines
6.0 KiB
Plaintext
152 lines
6.0 KiB
Plaintext
####################################
|
|
# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
|
|
####################################
|
|
|
|
## These compose variables can be used with all Komodo deployment options.
|
|
## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
|
|
## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
|
|
## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
|
|
|
|
## Stick to a specific version, or use `latest`
|
|
COMPOSE_KOMODO_IMAGE_TAG=latest
|
|
## Store dated database backups on the host - https://komo.do/docs/setup/backup
|
|
COMPOSE_KOMODO_BACKUPS_PATH=/etc/komodo/backups
|
|
|
|
## DB credentials
|
|
KOMODO_DB_USERNAME=admin
|
|
KOMODO_DB_PASSWORD=admin
|
|
|
|
## Configure a secure passkey to authenticate between Core / Periphery.
|
|
KOMODO_PASSKEY=a_random_passkey
|
|
|
|
## Set your time zone for schedules
|
|
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
|
TZ=Etc/UTC
|
|
|
|
#=-------------------------=#
|
|
#= Komodo Core Environment =#
|
|
#=-------------------------=#
|
|
|
|
## Full variable list + descriptions are available here:
|
|
## 🦎 https://github.com/moghtech/komodo/blob/main/config/core.config.toml 🦎
|
|
|
|
## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
|
|
## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
|
|
|
|
## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
|
|
KOMODO_HOST=https://demo.komo.do
|
|
## Displayed in the browser tab.
|
|
KOMODO_TITLE=Komodo
|
|
## Create a server matching this address as the "first server".
|
|
## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
|
|
KOMODO_FIRST_SERVER=https://periphery:8120
|
|
## Give the first server a custom name.
|
|
KOMODO_FIRST_SERVER_NAME=Local
|
|
## Make all buttons just double-click, rather than the full confirmation dialog.
|
|
KOMODO_DISABLE_CONFIRM_DIALOG=false
|
|
|
|
## Rate Komodo polls your servers for
|
|
## status / container status / system stats / alerting.
|
|
## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min, 15-min
|
|
## Default: 15-sec
|
|
KOMODO_MONITORING_INTERVAL="15-sec"
|
|
## Interval at which to poll Resources for any updates / automated actions.
|
|
## Options: 15-min, 1-hr, 2-hr, 6-hr, 12-hr, 1-day
|
|
## Default: 1-hr
|
|
KOMODO_RESOURCE_POLL_INTERVAL="1-hr"
|
|
|
|
## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
|
|
KOMODO_WEBHOOK_SECRET=a_random_secret
|
|
## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
|
|
KOMODO_JWT_SECRET=a_random_jwt_secret
|
|
## Time to live for jwt tokens.
|
|
## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
|
|
KOMODO_JWT_TTL="1-day"
|
|
|
|
## Enable login with username + password.
|
|
KOMODO_LOCAL_AUTH=true
|
|
## Set the initial admin username created upon first launch.
|
|
## Comment out to disable initial user creation,
|
|
## and create first user using signup button.
|
|
KOMODO_INIT_ADMIN_USERNAME=admin
|
|
## Set the initial admin password
|
|
KOMODO_INIT_ADMIN_PASSWORD=changeme
|
|
## Disable new user signups.
|
|
KOMODO_DISABLE_USER_REGISTRATION=false
|
|
## All new logins are auto enabled
|
|
KOMODO_ENABLE_NEW_USERS=false
|
|
## Disable non-admins from creating new resources.
|
|
KOMODO_DISABLE_NON_ADMIN_CREATE=false
|
|
## Allows all users to have Read level access to all resources.
|
|
KOMODO_TRANSPARENT_MODE=false
|
|
|
|
## Prettier logging with empty lines between logs
|
|
KOMODO_LOGGING_PRETTY=false
|
|
## More human readable logging of startup config (multi-line)
|
|
KOMODO_PRETTY_STARTUP_CONFIG=false
|
|
|
|
## OIDC Login
|
|
KOMODO_OIDC_ENABLED=false
|
|
## Must reachable from Komodo Core container
|
|
# KOMODO_OIDC_PROVIDER=https://oidc.provider.internal/application/o/komodo
|
|
## Change the host to one reachable be reachable by users (optional if it is the same as above).
|
|
## DO NOT include the `path` part of the URL.
|
|
# KOMODO_OIDC_REDIRECT_HOST=https://oidc.provider.external
|
|
## Your OIDC client id
|
|
# KOMODO_OIDC_CLIENT_ID= # Alt: KOMODO_OIDC_CLIENT_ID_FILE
|
|
## Your OIDC client secret.
|
|
## If your provider supports PKCE flow, this can be ommitted.
|
|
# KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
|
|
## Make usernames the full email.
|
|
## Note. This does not work for all OIDC providers.
|
|
# KOMODO_OIDC_USE_FULL_EMAIL=true
|
|
## Add additional trusted audiences for token claims verification.
|
|
## Supports comma separated list, and passing with _FILE (for compose secrets).
|
|
# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
|
|
|
|
## Github Oauth
|
|
KOMODO_GITHUB_OAUTH_ENABLED=false
|
|
# KOMODO_GITHUB_OAUTH_ID= # Alt: KOMODO_GITHUB_OAUTH_ID_FILE
|
|
# KOMODO_GITHUB_OAUTH_SECRET= # Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
|
|
|
|
## Google Oauth
|
|
KOMODO_GOOGLE_OAUTH_ENABLED=false
|
|
# KOMODO_GOOGLE_OAUTH_ID= # Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
|
|
# KOMODO_GOOGLE_OAUTH_SECRET= # Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
|
|
|
|
## Aws - Used to launch Builder instances.
|
|
KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
|
|
KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
|
|
|
|
#=------------------------------=#
|
|
#= Komodo Periphery Environment =#
|
|
#=------------------------------=#
|
|
|
|
## Full variable list + descriptions are available here:
|
|
## 🦎 https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml 🦎
|
|
|
|
## Specify the root directory used by Periphery agent.
|
|
PERIPHERY_ROOT_DIRECTORY=/etc/komodo
|
|
|
|
## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
|
|
PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}
|
|
|
|
## Specify whether to disable the terminals feature
|
|
## and disallow remote shell access (inside the Periphery container).
|
|
PERIPHERY_DISABLE_TERMINALS=false
|
|
|
|
## Enable SSL using self signed certificates.
|
|
## Connect to Periphery at https://address:8120.
|
|
PERIPHERY_SSL_ENABLED=true
|
|
|
|
## If the disk size is overreporting, can use one of these to
|
|
## whitelist / blacklist the disks to filter them, whichever is easier.
|
|
## Accepts comma separated list of paths.
|
|
## Usually whitelisting just /etc/hostname gives correct size.
|
|
PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
|
|
# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos
|
|
|
|
## Prettier logging with empty lines between logs
|
|
PERIPHERY_LOGGING_PRETTY=false
|
|
## More human readable logging of startup config (multi-line)
|
|
PERIPHERY_PRETTY_STARTUP_CONFIG=false |