From 14da445f2b2bcbfa2f3d4233e5ed88cfa884f268 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gramain?= <mael@enpls.org>
Date: Sun, 20 Oct 2024 15:56:25 +0200
Subject: [PATCH] deploy komodo

---
 .gitignore                           |  3 +-
 internals/komodo/core.env            | 60 +++++++++++++++++++++
 internals/komodo/docker-compose.yaml | 81 ++++++++++++++++++++++++++++
 3 files changed, 143 insertions(+), 1 deletion(-)
 create mode 100644 internals/komodo/core.env
 create mode 100644 internals/komodo/docker-compose.yaml

diff --git a/.gitignore b/.gitignore
index 600d2d3..d70df2c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.vscode
\ No newline at end of file
+.vscode
+.env.priv
\ No newline at end of file
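Review bot: The ignore entry added here is `.env.priv`, but the compose file introduced in the same commit loads secrets from `./.env.env` on every service, so the file that will actually hold `DB_PASSWORD`, `KOMODO_JWT_SECRET` and the OIDC client secret is not ignored and is one `git add .` away from being committed. Either rename the env_file reference to `.env.priv` or add `.env.env` here; a broader pattern such as `internals/komodo/.env*` with `!internals/komodo/core.env` would cover both without excluding the intentionally tracked file. The file also still lacks a trailing newline, which is harmless but worth fixing while here.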
diff --git a/internals/komodo/core.env b/internals/komodo/core.env
new file mode 100644
index 0000000..0c84cb0
--- /dev/null
+++ b/internals/komodo/core.env
@@ -0,0 +1,60 @@
+COMPOSE_LOGGING_DRIVER=local
+
+#REDACTED DB_USERNAME=
+#REDACTED DB_PASSWORD=
+
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+KOMODO_HOST=https://deploy.net.enpls.org 
+KOMODO_TITLE=Deploy
+
+KOMODO_FIRST_SERVER=https://periphery:8120
+KOMODO_DISABLE_CONFIRM_DIALOG=false
+
+KOMODO_MONITORING_INTERVAL="15-sec"
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+
+## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
+#REDACTED KOMODO_PASSKEY=
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+#REDACTED KOMODO_WEBHOOK_SECRET=
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+#REDACTED KOMODO_JWT_SECRET=
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=false
+KOMODO_DISABLE_USER_REGISTRATION=true
+KOMODO_ENABLE_NEW_USERS=true
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=true
+## Must reachable from Komodo Core container
+KOMODO_OIDC_PROVIDER=https://connect.enpls.org/oidc
+## Must be reachable by users (optional if it is the same as above).
+# KOMODO_OIDC_REDIRECT=https://oidc.provider.external/application/o/komodo
+## Your client credentials
+KOMODO_OIDC_CLIENT_ID=gt67wvsdggzhfdgg194d5 # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+#REDACTED KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+## Make usernames the full email.
+# KOMODO_OIDC_USE_FULL_EMAIL=true
+## Add additional trusted audiences for token claims verification.
+## Supports comma separated list, and passing with _FILE (for compose secrets).
+# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate
+#REDACTED PERIPHERY_PASSKEYS=${PASSKEY}
+PERIPHERY_SSL_ENABLED=true
+
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
\ No newline at end of file
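Review bot: `KOMODO_ENABLE_NEW_USERS=true` with `KOMODO_OIDC_ENABLED=true` means any identity the IdP at connect.enpls.org is willing to authenticate gets an immediately usable Komodo account; whether `KOMODO_DISABLE_USER_REGISTRATION=true` also blocks first-time OIDC logins is not evident from this file and should be confirmed against the Komodo docs, and unless the IdP already restricts the client to an authorized group, `KOMODO_ENABLE_NEW_USERS=false` so new accounts need admin approval is the safer default for a deploy controller. `PERIPHERY_PASSKEYS=${PASSKEY}` references a variable named `PASSKEY` while the comment above says it must include `KOMODO_PASSKEY`; if the real value lives in `.env.env` under a different name, Core and Periphery will fail to authenticate, so consider `PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}` or a comment stating which file defines `PASSKEY`. `KOMODO_HOST=https://deploy.net.enpls.org ` carries a trailing space and `KOMODO_OIDC_CLIENT_ID=... # Alt: ...` relies on inline-comment stripping; both are accepted by current Compose dotenv parsing as far as I can tell, but older loaders will pass the raw value through, so strip the space and move the comment to its own line.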
diff --git a/internals/komodo/docker-compose.yaml b/internals/komodo/docker-compose.yaml
new file mode 100644
index 0000000..38434e8
--- /dev/null
+++ b/internals/komodo/docker-compose.yaml
@@ -0,0 +1,81 @@
+services:
+  mongo:
+    image: mongo
+    labels:
+      komodo.skip:
+    command: --quiet --wiredTigerCacheSizeGB 0.25
+    restart: unless-stopped
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    volumes:
+      - mongo-data:/data/db
+      - mongo-config:/data/configdb
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+    env_file:
+      - path: ./core.env
+      - path: ./.env.env
+  core:
+    image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    ports:
+      - 9120:9120
+    env_file:
+      - path: ./core.env
+      - path: ./.env.env
+    environment:
+      KOMODO_DATABASE_ADDRESS: mongo:27017
+      KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
+      KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - repo-cache:/repo-cache
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.komodo.entryPoints=websecure"
+      - "traefik.http.routers.komodo.rule=Host(`deploy.net.enpls.org`)"
+      - "traefik.http.routers.komodo.tls=true"
+      - "traefik.http.routers.komodo.tls.certresolver=defaultacme"
+      - "traefik.http.routers.komodo.middlewares=proxyHeader@file,proxyError@file"
+      - "komodo.skip:"
+
+  periphery:
+    image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    labels:
+      komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+    restart: unless-stopped
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - default
+    env_file:
+      - path: ./core.env
+      - path: ./.env.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /proc:/proc
+      - ssl-certs:/etc/komodo/ssl
+      - repos:/etc/komodo/repos
+      - stacks:/etc/komodo/stacks
+
+volumes:
+  # Mongo
+  mongo-data:
+  mongo-config:
+  # Core
+  repo-cache:
+  # Periphery
+  ssl-certs:
+  repos:
+  stacks:
+
+networks:
+  default: {}
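Review bot: The `ports: - 9120:9120` entry on `core` publishes the Komodo API on every host interface, which bypasses the Traefik `websecure` entrypoint, TLS and the `proxyHeader@file`/`proxyError@file` middlewares the labels configure; with Traefik fronting it the publish is not needed, so drop it or bind loopback only with `- "127.0.0.1:9120:9120"` if local access is wanted. `mongo` loads both `core.env` and `.env.env`, so the database container receives `KOMODO_PASSKEY`, `KOMODO_JWT_SECRET`, `KOMODO_WEBHOOK_SECRET` and the OIDC client secret in its environment for no reason; it only needs `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD`, so give it just the file that defines `DB_USERNAME`/`DB_PASSWORD`. The list-form label `"komodo.skip:"` under `core` is parsed as a label whose key includes the trailing colon, unlike the mapping-form `komodo.skip:` on `mongo` and `periphery`; use `"komodo.skip="` or the mapping form so StopAllContainers treats all three alike. `image: mongo` is unpinned while the Komodo images are tag-pinned via `COMPOSE_KOMODO_IMAGE_TAG`; pin a major version (e.g. `mongo:7`) so a silent major upgrade cannot break the data directory. The `periphery` service mounts `/var/run/docker.sock` and `/proc`, which is root-equivalent on the host and is inherent to Komodo, but it makes the OIDC onboarding and passkey settings in `core.env` the effective security boundary.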