Finish Komodo setup

Add OIDC snippet to Caddyfile
Add komodo to Caddyfile

komodo/.env

@@ -12,14 +12,14 @@ COMPOSE_KOMODO_IMAGE_TAG=latest
 
 ## Note: 🚨 Podman does NOT support local logging driver 🚨. See Podman options here:
 ## `https://docs.podman.io/en/v4.6.1/markdown/podman-run.1.html#log-driver-driver`
-COMPOSE_LOGGING_DRIVER=local # Enable log rotation with the local driver.
+COMPOSE_LOGGING_DRIVER=journald # Enable log rotation with the local driver.
 
 ## DB credentials - Ignored for Sqlite
-DB_USERNAME=admin
-DB_PASSWORD=admin
+KOMODO_DB_USERNAME=admin
+KOMODO_DB_PASSWORD_FILE=/run/secrets/KOMODO_DB_PASSWORD
 
 ## Configure a secure passkey to authenticate between Core / Periphery.
-PASSKEY=a_random_passkey
+KOMODO_PASSKEY_FILE=/run/secrets/KOMODO_PASSKEY
 
 #=-------------------------=#
 #= Komodo Core Environment =#
@@ -32,7 +32,7 @@ PASSKEY=a_random_passkey
 ## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
 
 ## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
-KOMODO_HOST=https://demo.komo.do
+KOMODO_HOST=https://komodo.tremendousturtle.tools
 ## Displayed in the browser tab.
 KOMODO_TITLE=Komodo
 ## Create a server matching this address as the "first server".
@@ -45,22 +45,20 @@ KOMODO_DISABLE_CONFIRM_DIALOG=false
 ## status / container status / system stats / alerting.
 ## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min.
 ## Default: 15-sec
-KOMODO_MONITORING_INTERVAL="15-sec"
+KOMODO_MONITORING_INTERVAL="5-sec"
 ## Rate Komodo polls Resources for updates,
 ## like outdated commit hash.
 ## Options: 1-min, 5-min, 15-min, 30-min, 1-hr.
 ## Default: 5-min
-KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+KOMODO_RESOURCE_POLL_INTERVAL="1-min"
 
-## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
-KOMODO_PASSKEY=${PASSKEY}
 ## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
-KOMODO_WEBHOOK_SECRET=a_random_secret
+KOMODO_WEBHOOK_SECRET_FILE=/run/secrets/KOMODO_WEBHOOK_SECRET
 ## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
-KOMODO_JWT_SECRET=a_random_jwt_secret
+KOMODO_JWT_SECRET_FILE=/run/secrets/KOMODO_JWT_SECRET
 
 ## Enable login with username + password.
-KOMODO_LOCAL_AUTH=true
+KOMODO_LOCAL_AUTH=false
 ## Disable new user signups.
 KOMODO_DISABLE_USER_REGISTRATION=false
 ## All new logins are auto enabled
@@ -72,18 +70,18 @@ KOMODO_TRANSPARENT_MODE=false
 
 ## Time to live for jwt tokens.
 ## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
-KOMODO_JWT_TTL="1-day"
+KOMODO_JWT_TTL="1-wk"
 
 ## OIDC Login
-KOMODO_OIDC_ENABLED=false
+KOMODO_OIDC_ENABLED=true
 ## Must reachable from Komodo Core container
-# KOMODO_OIDC_PROVIDER=https://oidc.provider.internal/application/o/komodo
+KOMODO_OIDC_PROVIDER=https://authentik.tremendousturtle.tools/application/o/komodo/
 ## Change the host to one reachable be reachable by users (optional if it is the same as above).
 ## DO NOT include the `path` part of the URL.
-# KOMODO_OIDC_REDIRECT_HOST=https://oidc.provider.external
+KOMODO_OIDC_REDIRECT_HOST=https://authentik.tremendousturtle.tools
 ## Your client credentials
-# KOMODO_OIDC_CLIENT_ID= # Alt: KOMODO_OIDC_CLIENT_ID_FILE
-# KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+KOMODO_OIDC_CLIENT_ID_FILE=/run/secrets/KOMODO_OIDC_CLIENT_ID # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+KOMODO_OIDC_CLIENT_SECRET_FILE=/run/secrets/KOMODO_OIDC_CLIENT_SECRET # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
 ## Make usernames the full email.
 # KOMODO_OIDC_USE_FULL_EMAIL=true
 ## Add additional trusted audiences for token claims verification.
@@ -115,8 +113,11 @@ KOMODO_HETZNER_TOKEN= # Alt: KOMODO_HETZNER_TOKEN_FILE
 ## Full variable list + descriptions are available here:
 ## 🦎 https://github.com/mbecker20/komodo/blob/main/config/periphery.config.toml 🦎
 
-## Periphery passkeys must include KOMODO_PASSKEY to authenticate
-PERIPHERY_PASSKEYS=${PASSKEY}
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
+PERIPHERY_PASSKEYS_FILE=${KOMODO_PASSKEY_FILE}
+
+## Specify the root directory used by Periphery agent.
+PERIPHERY_ROOT_DIRECTORY=/etc/komodo
 
 ## Enable SSL using self signed certificates.
 ## Connect to Periphery at https://address:8120.