Finish Komodo setup

Add OIDC snippet to Caddyfile
Add komodo to Caddyfile

komodo/docker-compose.yml

@@ -6,7 +6,6 @@
 ##   1. MongoDB
 ##   2. Komodo Core
 ##   3. Komodo Periphery
-
 name: komodo
 services:
   db:
@@ -22,13 +21,15 @@ services:
     # ports:
     #   - 27017:27017
     volumes:
-      - mongo-data:/data/db
-      - mongo-config:/data/configdb
+      - ./data/mongo-data:/data/db
+      - ./config/mongo-config:/data/configdb
     environment:
-      MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
-      MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+      MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD_FILE: ${KOMODO_DB_PASSWORD_FILE}
+    secrets:
+      - KOMODO_DB_PASSWORD
   
-  core:
+  app:
     image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
     labels:
       komodo.skip: # Prevent Komodo from stopping with StopAllContainers
@@ -39,24 +40,29 @@ services:
       driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
+      - proxy-net
     ports:
       - 9120:9120
-    env_file: ./compose.env
+    env_file: ./.env
     environment:
       KOMODO_DATABASE_ADDRESS: db:27017
-      KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
-      KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
+      KOMODO_DATABASE_PASSWORD_FILE: ${KOMODO_DB_PASSWORD_FILE}
+      KOMODO_LOGGING_LEVEL: info
     volumes:
       ## Core cache for repos for latest commit hash / contents
-      - repo-cache:/repo-cache
+      - ./data/repo-cache:/repo-cache
       ## Store sync files on server
-      # - /path/to/syncs:/syncs
+      - ./data/syncs:/syncs
       ## Optionally mount a custom core.config.toml
       # - /path/to/core.config.toml:/config/config.toml
-    ## Allows for systemd Periphery connection at 
-    ## "http://host.docker.internal:8120"
-    # extra_hosts:
-    #   - host.docker.internal:host-gateway
+    secrets:
+      - KOMODO_DB_PASSWORD
+      - KOMODO_PASSKEY
+      - KOMODO_WEBHOOK_SECRET
+      - KOMODO_JWT_SECRET
+      - KOMODO_OIDC_CLIENT_SECRET
+      - KOMODO_OIDC_CLIENT_ID
 
   ## Deploy Periphery container using this block,
   ## or deploy the Periphery binary with systemd using 
@@ -70,34 +76,40 @@ services:
       driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
-    env_file: ./compose.env
+    env_file: ./.env
+    environment:
+      PERIPHERY_REPO_DIR: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/repos
+      PERIPHERY_STACK_DIR: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/stacks
+      PERIPHERY_SSL_KEY_FILE: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/ssl/key.pem
+      PERIPHERY_SSL_CERT_FILE: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/ssl/cert.pem
     volumes:
       ## Mount external docker socket
       - /var/run/docker.sock:/var/run/docker.sock
       ## Allow Periphery to see processes outside of container
       - /proc:/proc
-      ## use self signed certs in docker volume, 
-      ## or mount your own signed certs.
-      - ssl-certs:/etc/komodo/ssl
-      ## manage repos in a docker volume, 
-      ## or change it to an accessible host directory.
-      - repos:/etc/komodo/repos
-      ## manage stack files in a docker volume, 
-      ## or change it to an accessible host directory.
-      - stacks:/etc/komodo/stacks
-      ## Optionally mount a path to store compose files
-      # - /path/to/compose:/host/compose
-
-volumes:
-  # Mongo
-  mongo-data:
-  mongo-config:
-  # Core
-  repo-cache:
-  # Periphery
-  ssl-certs:
-  repos:
-  stacks:
+      ## Specify the Periphery agent root directory.
+      ## Must be the same inside and outside the container,
+      ## or docker will get confused. See https://github.com/mbecker20/komodo/discussions/180.
+      ## Default: /etc/komodo.
+      - ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}:${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
+    secrets:
+      - KOMODO_PASSKEY
 
 networks:
-  default: {}
+  default: {}
+  proxy-net:
+    external: true
+
+secrets:
+  KOMODO_DB_PASSWORD:
+    file: ./secrets/KOMODO_DB_PASSWORD
+  KOMODO_PASSKEY:
+    file: ./secrets/KOMODO_PASSKEY
+  KOMODO_WEBHOOK_SECRET:
+    file: ./secrets/KOMODO_WEBHOOK_SECRET
+  KOMODO_JWT_SECRET:
+    file: ./secrets/KOMODO_JWT_SECRET
+  KOMODO_OIDC_CLIENT_SECRET:
+    file: ./secrets/KOMODO_OIDC_CLIENT_SECRET
+  KOMODO_OIDC_CLIENT_ID:
+    file: ./secrets/KOMODO_OIDC_CLIENT_ID