From de5a5dc7d33dcdd643ea6faa3c7d796cf33fd4ba Mon Sep 17 00:00:00 2001
From: ryuupendragon <ryuu@ryuu.in>
Date: Fri, 15 Aug 2025 18:52:57 +0530
Subject: [PATCH] Add config files for komodo

---
 komodo/core.config.toml                | 490 +++++++++++++++++++++++++
 komodo/periphery.config.toml           | 221 +++++++++++
 komodo_periphery/periphery.config.toml | 221 +++++++++++
 3 files changed, 932 insertions(+)
 create mode 100644 komodo/core.config.toml
 create mode 100644 komodo/periphery.config.toml
 create mode 100644 komodo_periphery/periphery.config.toml

diff --git a/komodo/core.config.toml b/komodo/core.config.toml
new file mode 100644
index 0000000..365794b
--- /dev/null
+++ b/komodo/core.config.toml
@@ -0,0 +1,490 @@
+###########################
+# 🦎 KOMODO CORE CONFIG 🦎 #
+###########################
+
+## This is the offical "Default" config file for Komodo Core.
+## It serves as documentation for the meaning of the fields.
+## It is located at `https://github.com/moghtech/komodo/blob/main/config/core.config.toml`.
+
+## All fields with a "Default" provided are optional. If they are
+## left out of the file, the "Default" value will be used.
+
+## This file is bundled into the official image, `ghcr.io/moghtech/komodo`,
+## as the default config at `/config/config.toml`.
+## Komodo can start with no external config file mounted.
+
+## There is usually no need to create this file on your host.
+## Most fields can instead be configured using environment variables.
+## Environment variables will override values set in this file.
+
+## This will be the document title on the web page.
+## Env: KOMODO_TITLE
+## Default: 'Komodo'
+title = "Komodo"
+
+## This should be the url used to access Komodo in browser, potentially behind DNS.
+## Eg https://komodo.example.com or http://12.34.56.78:9120. This should match the address configured in your Oauth app.
+## Env: KOMODO_HOST
+## Required, no default.
+host = "https://demo.komo.do"
+
+## The port the core system will run on.
+## Env: KOMODO_PORT
+## Default: 9120
+port = 9120
+
+## The IP address the core server will bind to.
+## The default will allow it to accept external IPv4 and IPv6 connections.
+## Env: KOMODO_BIND_IP
+## Default: [::]
+bind_ip = "[::]"
+
+## This is the token used to authenticate core requests to periphery.
+## Ensure this matches a passkey in the connected periphery configs.
+## If the periphery servers don't have passkeys configured, this doesn't need to be changed.
+## Env: KOMODO_PASSKEY or KOMODO_PASSKEY_FILE
+## Required, no default
+passkey = "a_random_passkey"
+
+## Ensure a server with this address exists on Core
+## upon first startup. Example: `https://periphery:8120`
+## Env: KOMODO_FIRST_SERVER
+## Optional, no default.
+first_server = ""
+
+## Disables write support on resources in the UI.
+## This protects users that that would normally have write priviledges during their UI usage,
+## when they intend to fully rely on ResourceSyncs to manage config.
+## Env: KOMODO_UI_WRITE_DISABLED
+## Default: false
+ui_write_disabled = false
+
+## Disables the confirm dialogs on all actions. All buttons will now be double-click.
+## Useful when only having http connection to core, as UI quick-copy button won't work.
+## Env: KOMODO_DISABLE_CONFIRM_DIALOG
+## Default: false
+disable_confirm_dialog = false
+
+## Disables UI websocket automatic reconnection.
+## Users will still be able to trigger reconnect by clicking the connection indicator.
+## Env: KOMODO_DISABLE_WEBSOCKET_RECONNECT
+## Default: false
+disable_websocket_reconnect = false
+
+## Configure the directory for sync files (inside the container).
+## There shouldn't be a need to change this, just mount a volume.
+## Env: KOMODO_SYNC_DIRECTORY
+## Default: /syncs
+sync_directory = "/syncs"
+
+## Configure the repo directory (inside the container).
+## There shouldn't be a need to change this, just mount a volume.
+## Env: KOMODO_REPO_DIRECTORY
+## Default: /repo-cache
+repo_directory = "/repo-cache"
+
+## Configure the action directory (inside the container).
+## There shouldn't be a need to change this, or even mount a volume.
+## Env: KOMODO_ACTION_DIRECTORY
+## Default: /action-cache
+action_directory = "/action-cache"
+
+################
+# AUTH / LOGIN #
+################
+
+## Allow user login with a username / password.
+## The password will be hashed and stored in the db for login comparison.
+##
+## NOTE:
+## Komodo has no API to recover account logins, but if this happens you can doctor the database using Mongo Compass.
+## Create a new Komodo user (Sign Up button), login to the database with Compass, note down your old users username and _id.
+## Then delete the old user, and update the new user to have the same username and _id. 
+## Make sure to set `enabled: true` and maybe `admin: true` on the new user as well, while using Compass.
+##
+## Env: KOMODO_LOCAL_AUTH
+## Default: false
+local_auth = false
+
+## Normally new users will be registered, but not enabled until an Admin enables them.
+## With `disable_user_registration = true`, only the first user to log in will registered as a user.
+## Env: KOMODO_DISABLE_USER_REGISTRATION
+## Default: false
+disable_user_registration = false
+
+## New users will be automatically enabled when they sign up.
+## Otherwise, new users will be disabled on first login.
+## The first user to login will always be enabled on creation.
+## Env: KOMODO_ENABLE_NEW_USERS
+## Default: false
+enable_new_users = false
+
+## Allows all users to have Read level access to all resources.
+## Env: KOMODO_TRANSPARENT_MODE
+## Default: false
+transparent_mode = false
+
+## Normally all enabled users can create resources.
+## If `disable_non_admin_create = true`, only admin users can create resources.
+## Env: KOMODO_DISABLE_NON_ADMIN_CREATE
+## Default: false
+disable_non_admin_create = false
+
+## Normally users can update their username / password using the API.
+## This will disable this ability for specific users or all users.
+## Example:
+##  - `lock_login_credentials_for = []` will allow all users to update username / password.
+##  - `lock_login_credentials_for = ["demo"]` will block the demo user from doing so.
+##  - `lock_login_credentials_for = ["__ALL__"]` will block all users.
+## Env: KOMODO_LOCK_LOGIN_CREDENTIALS_FOR
+## Default: empty list
+lock_login_credentials_for = []
+
+## Optionally provide a specific jwt secret.
+## Passing nothing or an empty string will cause one to be generated on every startup.
+## This means users will have to log in again if Komodo restarts.
+## Env: KOMODO_JWT_SECRET or KOMODO_JWT_SECRET_FILE
+## Default: empty string, meaning a random secret will be generated at startup.
+jwt_secret = ""
+
+## Specify how long a user can stay logged in before they have to log in again.
+## All jwts are invalidated on application restart unless `jwt_secret` is set.
+## Env: KOMODO_JWT_TTL
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 1-day. 
+jwt_ttl = "1-day"
+
+#############
+# OIDC Auth #
+#############
+
+## Enable logins with configured OIDC provider.
+## Env: KOMODO_OIDC_ENABLED
+## Default: false
+oidc_enabled = false
+
+## Give the provider address.
+##
+## The path, ie /application/o/komodo for Authentik,
+## is provider and configuration specific.
+##
+## Note. this address must be reachable from Komodo Core container.
+##
+## Env: KOMODO_OIDC_PROVIDER
+## Optional, no default.
+oidc_provider = "https://oidc.provider.internal/application/o/komodo"
+
+## Configure OIDC user redirect host.
+##
+## This is the host address users are redirected to in their browser,
+## and may be different from `oidc_provider` host depending on your networking.
+## If not provided (or empty string ""), the `oidc_provider` will be used.
+##
+## Note. DO NOT include the `path` part of the URL.
+## Example: `https://oidc.provider.external`
+##
+## Env: KOMODO_OIDC_REDIRECT_HOST
+## Optional, no default.
+oidc_redirect_host = ""
+
+## Set the OIDC Client ID.
+## Env: KOMODO_OIDC_CLIENT_ID or KOMODO_OIDC_CLIENT_ID_FILE
+oidc_client_id = ""
+
+## Set the OIDC Client Secret.
+## If the OIDC provider supports PKCE-only flow,
+## the client secret is not necessary and can be ommitted or left empty.
+## Env: KOMODO_OIDC_CLIENT_SECRET or KOMODO_OIDC_CLIENT_SECRET_FILE
+oidc_client_secret = ""
+
+## If true, use the full email for usernames.
+## Otherwise, the @address will be stripped,
+## making usernames more concise.
+## Note. This does not work for all OIDC providers.
+## Env: KOMODO_OIDC_USE_FULL_EMAIL
+## Default: false.
+oidc_use_full_email = false
+
+## Some providers attach other audiences in addition to the client_id.
+## If you have this issue, `Invalid audiences: `...` is not a trusted audience"`,
+## you can add the audience `...` to the list here (assuming it should be trusted).
+## Env: KOMODO_OIDC_ADDITIONAL_AUDIENCES or KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+## Default: empty
+oidc_additional_audiences = []
+
+#########
+# OAUTH #
+#########
+
+## Google
+
+## Env: KOMODO_GOOGLE_OAUTH_ENABLED
+## Default: false
+google_oauth.enabled = false
+
+## Env: KOMODO_GOOGLE_OAUTH_ID or KOMODO_GOOGLE_OAUTH_ID_FILE
+## Required if google_oauth is enabled.
+google_oauth.id = ""
+
+## Env: KOMODO_GOOGLE_OAUTH_SECRET or KOMODO_GOOGLE_OAUTH_SECRET_FILE
+## Required if google_oauth is enabled.
+google_oauth.secret = ""
+
+## Github
+
+## Env: KOMODO_GITHUB_OAUTH_ENABLED
+## Default: false
+github_oauth.enabled = false
+
+## Env: KOMODO_GITHUB_OAUTH_ID or KOMODO_GITHUB_OAUTH_ID_FILE
+## Required if github_oauth is enabled.
+github_oauth.id = ""
+
+## Env: KOMODO_GITHUB_OAUTH_SECRET or KOMODO_GITHUB_OAUTH_SECRET_FILE
+## Required if github_oauth is enabled.
+github_oauth.secret = ""
+
+##################
+# POLL INTERVALS #
+##################
+
+## Controls the rate at which servers are polled for health, system stats, and container status.
+## This affects network usage, and the size of the stats stored in mongo.
+## Env: KOMODO_MONITORING_INTERVAL
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 15-sec
+monitoring_interval = "15-sec"
+
+## Interval at which to poll Resources for any updates / automated actions.
+## Env: KOMODO_RESOURCE_POLL_INTERVAL
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 1-hr
+resource_poll_interval = "1-hr"
+
+############
+# Security #
+############
+
+## Enable HTTPS server using the given key and cert.
+## Env: KOMODO_SSL_ENABLED
+## Default: false
+ssl_enabled = false
+
+## Path to the ssl key.
+## Env: KOMODO_SSL_KEY_FILE
+## Default: /config/ssl/key.pem
+ssl_key_file = "/config/ssl/key.pem"
+
+## Path to the ssl cert.
+## Env: KOMODO_SSL_CERT_FILE
+## Default: /config/ssl/cert.pem
+ssl_cert_file = "/config/ssl/cert.pem"
+
+############
+# DATABASE #
+############
+
+## Configure the database connection in one of the following ways:
+
+## Pass a full Mongo URI to the database.
+## Example: mongodb://username:password@localhost:27017
+## Env: KOMODO_DATABASE_URI or KOMODO_DATABASE_URI_FILE
+## Optional, can usually use `address`, `username`, `password` instead.
+database.uri = ""
+
+## ==== * OR * ==== ##
+
+# Construct the address as mongodb://{username}:{password}@{address}
+## Env: KOMODO_DATABASE_ADDRESS
+database.address = "localhost:27017"
+## Env: KOMODO_DATABASE_USERNAME or KOMODO_DATABASE_USERNAME_FILE
+database.username = ""
+## Env: KOMODO_DATABASE_PASSWORD or KOMODO_DATABASE_PASSWORD_FILE
+database.password = ""
+
+## ==== other ====
+
+## Komodo will create its collections under this database name.
+## The only reason to change this is if multiple Komodo Cores share the same db.
+## Env: KOMODO_DATABASE_DB_NAME
+## Default: komodo.
+database.db_name = "komodo"
+
+## This is the assigned app_name of the mongo client.
+## The only reason to change this is if multiple Komodo Cores share the same db.
+## Env: KOMODO_DATABASE_APP_NAME
+## Default: komodo_core.
+database.app_name = "komodo_core"
+
+############
+# WEBHOOKS #
+############
+
+## This token must be given to git provider during repo webhook config.
+## The secret configured on the git provider side must match the secret configured here.
+## If not provided, 
+## Env: KOMODO_WEBHOOK_SECRET or KOMODO_WEBHOOK_SECRET_FILE
+## Optional, no default.
+webhook_secret = "a_random_webhook_secret"
+
+## An alternate base url that is used to recieve git webhook requests.
+## If empty or not specified, will use 'host' address as base.
+## This is useful if Komodo is on an internal network, but can have a
+## proxy just allowing through the webhook listener api using NGINX.
+## Env: KOMODO_WEBHOOK_BASE_URL
+## Default: empty (none)
+webhook_base_url = ""
+
+## Configure Github webhook app. Enables webhook management apis.
+## <INSERT LINK TO GUIDE>
+## Env: KOMODO_GITHUB_WEBHOOK_APP_APP_ID or KOMODO_GITHUB_WEBHOOK_APP_APP_ID_FILE
+# github_webhook_app.app_id = 1234455 # Find on the app page.
+## Env: 
+##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS or KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS_FILE
+##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_NAMESPACES
+# github_webhook_app.installations = [
+#   ## Find the id after installing the app to user / organization. "namespace" is the username / organization name.
+#   { id = 1234, namespace = "mbecker20" }
+# ]
+
+## The path to Github webhook app private key. <INSERT LINK TO GUIDE>
+## This is defaulted to `/github/private-key.pem`, and doesn't need to be changed if running core in Docker.
+## Just mount the private key pem file on the host to `/github/private-key.pem` in the container.
+## Eg. `/your/path/to/key.pem : /github/private-key.pem`
+## Env: KOMODO_GITHUB_WEBHOOK_APP_PK_PATH
+# github_webhook_app.pk_path = "/path/to/pk.pem"
+
+###########
+# LOGGING #
+###########
+
+## Specify the logging verbosity
+## Env: KOMODO_LOGGING_LEVEL
+## Options: off, error, warn, info, debug, trace
+## Default: info
+logging.level = "info"
+
+## Specify the logging format.
+## Env: KOMODO_LOGGING_STDIO
+## Options: standard, json, none
+## Default: standard
+logging.stdio = "standard"
+
+## Optionally specify a opentelemetry otlp endpoint to send traces to.
+## Example: http://localhost:4317
+## Env: KOMODO_LOGGING_OTLP_ENDPOINT
+logging.otlp_endpoint = ""
+
+## Set the opentelemetry service name.
+## This will be attached to the telemetry Komodo will send.
+## Env: KOMODO_LOGGING_OPENTELEMETRY_SERVICE_NAME
+## Default: "Komodo"
+logging.opentelemetry_service_name = "Komodo"
+
+## Specify whether logging is more human readable.
+## Note. Single logs will span multiple lines.
+## Env: KOMODO_LOGGING_PRETTY
+## Default: false
+logging.pretty = false
+
+## Specify whether startup config log
+## is more human readable (multi-line)
+## Env: KOMODO_PRETTY_STARTUP_CONFIG
+## Default: false
+pretty_startup_config = false
+
+###########
+# PRUNING #
+###########
+
+## The number of days to keep historical system stats around, or 0 to disable pruning. 
+## Stats older that are than this number of days are deleted on a daily cycle.
+## Env: KOMODO_KEEP_STATS_FOR_DAYS
+## Default: 14
+keep_stats_for_days = 14
+
+## The number of days to keep alerts around, or 0 to disable pruning. 
+## Alerts older that are than this number of days are deleted on a daily cycle.
+## Env: KOMODO_KEEP_ALERTS_FOR_DAYS
+## Default: 14
+keep_alerts_for_days = 14
+
+###################
+# CLOUD PROVIDERS #
+###################
+
+## Komodo can build images by deploying AWS EC2 instances,
+## running the build, and afterwards destroying the instance.
+
+## Provide AWS api keys for ephemeral builders
+## Env: KOMODO_AWS_ACCESS_KEY_ID or KOMODO_AWS_ACCESS_KEY_ID_FILE
+aws.access_key_id = ""
+## Env: KOMODO_AWS_SECRET_ACCESS_KEY or KOMODO_AWS_SECRET_ACCESS_KEY_FILE
+aws.secret_access_key = ""
+
+#################
+# GIT PROVIDERS #
+#################
+
+## These will be available to attach to Builds, Repos, Stacks, and Syncs.
+## They allow these Resources to clone private repositories.
+## They cannot be configured on the environment.
+
+## configure git providers
+# [[git_provider]]
+# domain = "github.com"
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# 	{ username = "moghtech", token = "access_token_for_other_account" },
+# ]
+
+# [[git_provider]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+# [[git_provider]]
+# domain = "localhost:8000" # use a custom provider, like self-hosted gitea
+# https = false # use http://localhost:8000 as base-url for clone
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+######################
+# REGISTRY PROVIDERS #
+######################
+
+## These will be available to attach to Builds and Stacks.
+## They allow these Resources to pull private images.
+## They cannot be configured on the environment.
+
+## configure docker registries
+# [[docker_registry]]
+# domain = "docker.io"
+# accounts = [
+# 	{ username = "mbecker2020", token = "access_token_for_account" }
+# ]
+# organizations = ["DockerhubOrganization"]
+
+# [[docker_registry]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+# organizations = ["Mogh"] # These become available in the UI
+
+###########
+# SECRETS #
+###########
+
+## Provide Core based secrets.
+## These will be available to interpolate into your Deployment / Stack environments,
+## and will be hidden in the UI and logs.
+## These are available to use on any Periphery (Server),
+## but you can also limit access more by placing them in a single Periphery's config file instead.
+## These cannot be configured in the Komodo Core environment, they must be passed in the file.
+
+# [secrets]
+# SECRET_1 = "value_1"
+# SECRET_2 = "value_2"
\ No newline at end of file
diff --git a/komodo/periphery.config.toml b/komodo/periphery.config.toml
new file mode 100644
index 0000000..3adcfe2
--- /dev/null
+++ b/komodo/periphery.config.toml
@@ -0,0 +1,221 @@
+################################
+# 🦎 KOMODO PERIPHERY CONFIG 🦎 #
+################################
+
+## This is the offical "Default" config file for Komodo Periphery.
+## It serves as documentation for the meaning of the fields.
+## It is located at `https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml`.
+
+## All fields with a "Default" provided are optional. If they are
+## left out of the file, the "Default" value will be used.
+
+## If Periphery was installed on the host (systemd install script), this
+## file will be located either in `/etc/komodo/periphery.config.toml`,
+## or for user installs, `$HOME/.config/komodo/periphery.config.toml`.
+
+## Optional. The port the server runs on.
+## Env: PERIPHERY_PORT
+## Default: 8120
+port = 8120
+
+## The IP address the periphery server will bind to.
+## The default will allow it to accept external IPv4 and IPv6 connections.
+## Env: PERIPHERY_BIND_IP
+## Default: [::]
+bind_ip = "[::]"
+
+## The directory periphery will use as the default base for the directories it uses.
+## The periphery user must have write access to this directory.
+## Each specific directory (like stack_dir) can be overridden below.
+## Env: PERIPHERY_ROOT_DIRECTORY
+## Default: /etc/komodo
+root_directory = "/etc/komodo"
+
+## Optional. Override the directory periphery will use to manage repos.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_REPO_DIR
+## Default: ${root_directory}/repos
+# repo_dir = "/etc/komodo/repos"
+
+## Optional. Override the directory periphery will use to manage stacks.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_STACK_DIR
+## Default: ${root_directory}/stacks
+# stack_dir = "/etc/komodo/stacks"
+
+## Optional. Override the directory periphery will use to manage builds.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_BUILD_DIR
+## Default: ${root_directory}/builds
+# build_dir = "/etc/komodo/builds"
+
+## Disable the terminal APIs and disallow remote shell access through Periphery.
+## Env: PERIPHERY_DISABLE_TERMINALS
+## Default: false
+disable_terminals = false
+
+## Disable the container exec APIs and disallow remote container shell access through Periphery.
+## This can be left enabled while general terminal access is disabled.
+## Env: PERIPHERY_DISABLE_CONTAINER_EXEC
+## Default: false
+disable_container_exec = false
+
+## How often Periphery polls the host for system stats, like CPU / memory usage.
+## To effectively disable polling, set this to something like 1-hr.
+## Env: PERIPHERY_STATS_POLLING_RATE
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 5-sec
+stats_polling_rate = "5-sec"
+
+## How often Periphery polls the host for container stats,
+## Env: PERIPHERY_STATS_POLLING_RATE
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 5-sec
+container_stats_polling_rate = "1-min"
+
+## Whether stack actions should use `docker-compose ...`
+## instead of `docker compose ...`.
+## Env: PERIPHERY_LEGACY_COMPOSE_CLI
+## Default: false
+legacy_compose_cli = false
+
+## Optional. Only include mounts at specific paths in the disk report.
+## Example: include_disk_mounts = ["/mnt/include/1", "/mnt/include/2"]
+## Env: PERIPHERY_INCLUDE_DISK_MOUNTS
+## Default: empty, which won't filter down the disks.
+include_disk_mounts = []
+
+## Optional. Don't include these mounts in the disk report.
+## Example: exclude_disk_mounts = ["/mnt/exclude/1", "/mnt/exclude/2"]
+## Env: PERIPHERY_EXCLUDE_DISK_MOUNTS
+## Default: empty, which won't exclude any disks.
+exclude_disk_mounts = []
+
+########
+# AUTH #
+########
+
+## Optional. Limit the ip addresses which can call the periphery api.
+## Example: allowed_ips = ["::ffff:12.34.56.78"]
+## Env: PERIPHERY_ALLOWED_IPS
+## Default: empty, which will not block any request by ip.
+allowed_ips = []
+
+## Optional. Require callers to provide on of the provided passkeys to access the periphery api.
+## Example: passkeys = ["your-passkey"]
+## Env: PERIPHERY_PASSKEYS or PERIPHERY_PASSKEYS_FILE
+## Default: empty, which will not require any passkey to be passed by core.
+passkeys = []
+
+############
+# Security #
+############
+
+## Enable HTTPS server using the given key and cert.
+## If true and a key / cert at the given paths are not found, 
+## self signed keys will be generated using openssl.
+## Env: PERIPHERY_SSL_ENABLED
+## Default: true
+ssl_enabled = true
+
+## Path to the ssl key.
+## Env: PERIPHERY_SSL_KEY_FILE
+## Default: ${root_directory}/ssl/key.pem
+# ssl_key_file = "/etc/komodo/ssl/key.pem"
+
+## Path to the ssl cert.
+## Env: PERIPHERY_SSL_CERT_FILE
+## Default: ${root_directory}/ssl/cert.pem
+# ssl_cert_file = "/etc/komodo/ssl/cert.pem"
+
+###########
+# LOGGING #
+###########
+
+## Specify the logging verbosity
+## Options: off, error, warn, info, debug, trace
+## Default: info
+## Env: PERIPHERY_LOGGING_LEVEL
+logging.level = "info"
+
+## Specify the logging format for stdout / stderr.
+## Env: PERIPHERY_LOGGING_STDIO
+## Options: standard, json, none
+## Default: standard
+logging.stdio = "standard"
+
+## Specify a opentelemetry otlp endpoint to send traces to.
+## Example: http://localhost:4317.
+## Env: PERIPHERY_LOGGING_OTLP_ENDPOINT
+## Optional, no default
+logging.otlp_endpoint = ""
+
+## Set the opentelemetry service name attached to the telemetry Periphery will send.
+## Env: PERIPHERY_LOGGING_OPENTELEMETRY_SERVICE_NAME
+## Default: "Komodo"
+logging.opentelemetry_service_name = "Periphery"
+
+## Specify whether logging is more human readable.
+## Note. Single logs will span multiple lines.
+## Env: PERIPHERY_LOGGING_PRETTY
+## Default: false
+logging.pretty = false
+
+## Specify whether startup config log
+## is more human readable (multi-line)
+## Env: PERIPHERY_PRETTY_STARTUP_CONFIG
+## Default: false
+pretty_startup_config = false
+
+#################
+# GIT PROVIDERS #
+#################
+
+## configure Periphery based git providers
+# [[git_provider]]
+# domain = "github.com"
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# 	{ username = "moghtech", token = "access_token_for_other_account" },
+# ]
+
+# [[git_provider]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+# [[git_provider]]
+# domain = "localhost:8000" # use a custom provider, like self-hosted gitea
+# https = false # use http://localhost:8000 as base-url for clone
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+######################
+# REGISTRY PROVIDERS #
+######################
+
+## Configure Periphery based docker registries
+# [[docker_registry]]
+# domain = "docker.io"
+# accounts = [
+# 	{ username = "mbecker2020", token = "access_token_for_account" }
+# ]
+# organizations = ["DockerhubOrganization"]
+
+# [[docker_registry]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+# organizations = ["Mogh"] # These become available in the UI
+
+###########
+# SECRETS #
+###########
+
+## Provide periphery-based secrets
+# [secrets]
+# SECRET_1 = "value_1"
+# SECRET_2 = "value_2"
\ No newline at end of file
diff --git a/komodo_periphery/periphery.config.toml b/komodo_periphery/periphery.config.toml
new file mode 100644
index 0000000..3adcfe2
--- /dev/null
+++ b/komodo_periphery/periphery.config.toml
@@ -0,0 +1,221 @@
+################################
+# 🦎 KOMODO PERIPHERY CONFIG 🦎 #
+################################
+
+## This is the offical "Default" config file for Komodo Periphery.
+## It serves as documentation for the meaning of the fields.
+## It is located at `https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml`.
+
+## All fields with a "Default" provided are optional. If they are
+## left out of the file, the "Default" value will be used.
+
+## If Periphery was installed on the host (systemd install script), this
+## file will be located either in `/etc/komodo/periphery.config.toml`,
+## or for user installs, `$HOME/.config/komodo/periphery.config.toml`.
+
+## Optional. The port the server runs on.
+## Env: PERIPHERY_PORT
+## Default: 8120
+port = 8120
+
+## The IP address the periphery server will bind to.
+## The default will allow it to accept external IPv4 and IPv6 connections.
+## Env: PERIPHERY_BIND_IP
+## Default: [::]
+bind_ip = "[::]"
+
+## The directory periphery will use as the default base for the directories it uses.
+## The periphery user must have write access to this directory.
+## Each specific directory (like stack_dir) can be overridden below.
+## Env: PERIPHERY_ROOT_DIRECTORY
+## Default: /etc/komodo
+root_directory = "/etc/komodo"
+
+## Optional. Override the directory periphery will use to manage repos.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_REPO_DIR
+## Default: ${root_directory}/repos
+# repo_dir = "/etc/komodo/repos"
+
+## Optional. Override the directory periphery will use to manage stacks.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_STACK_DIR
+## Default: ${root_directory}/stacks
+# stack_dir = "/etc/komodo/stacks"
+
+## Optional. Override the directory periphery will use to manage builds.
+## The periphery user must have write access to this directory.
+## Env: PERIPHERY_BUILD_DIR
+## Default: ${root_directory}/builds
+# build_dir = "/etc/komodo/builds"
+
+## Disable the terminal APIs and disallow remote shell access through Periphery.
+## Env: PERIPHERY_DISABLE_TERMINALS
+## Default: false
+disable_terminals = false
+
+## Disable the container exec APIs and disallow remote container shell access through Periphery.
+## This can be left enabled while general terminal access is disabled.
+## Env: PERIPHERY_DISABLE_CONTAINER_EXEC
+## Default: false
+disable_container_exec = false
+
+## How often Periphery polls the host for system stats, like CPU / memory usage.
+## To effectively disable polling, set this to something like 1-hr.
+## Env: PERIPHERY_STATS_POLLING_RATE
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 5-sec
+stats_polling_rate = "5-sec"
+
+## How often Periphery polls the host for container stats,
+## Env: PERIPHERY_STATS_POLLING_RATE
+## Options: https://docs.rs/komodo_client/latest/komodo_client/entities/enum.Timelength.html
+## Default: 5-sec
+container_stats_polling_rate = "1-min"
+
+## Whether stack actions should use `docker-compose ...`
+## instead of `docker compose ...`.
+## Env: PERIPHERY_LEGACY_COMPOSE_CLI
+## Default: false
+legacy_compose_cli = false
+
+## Optional. Only include mounts at specific paths in the disk report.
+## Example: include_disk_mounts = ["/mnt/include/1", "/mnt/include/2"]
+## Env: PERIPHERY_INCLUDE_DISK_MOUNTS
+## Default: empty, which won't filter down the disks.
+include_disk_mounts = []
+
+## Optional. Don't include these mounts in the disk report.
+## Example: exclude_disk_mounts = ["/mnt/exclude/1", "/mnt/exclude/2"]
+## Env: PERIPHERY_EXCLUDE_DISK_MOUNTS
+## Default: empty, which won't exclude any disks.
+exclude_disk_mounts = []
+
+########
+# AUTH #
+########
+
+## Optional. Limit the ip addresses which can call the periphery api.
+## Example: allowed_ips = ["::ffff:12.34.56.78"]
+## Env: PERIPHERY_ALLOWED_IPS
+## Default: empty, which will not block any request by ip.
+allowed_ips = []
+
+## Optional. Require callers to provide on of the provided passkeys to access the periphery api.
+## Example: passkeys = ["your-passkey"]
+## Env: PERIPHERY_PASSKEYS or PERIPHERY_PASSKEYS_FILE
+## Default: empty, which will not require any passkey to be passed by core.
+passkeys = []
+
+############
+# Security #
+############
+
+## Enable HTTPS server using the given key and cert.
+## If true and a key / cert at the given paths are not found, 
+## self signed keys will be generated using openssl.
+## Env: PERIPHERY_SSL_ENABLED
+## Default: true
+ssl_enabled = true
+
+## Path to the ssl key.
+## Env: PERIPHERY_SSL_KEY_FILE
+## Default: ${root_directory}/ssl/key.pem
+# ssl_key_file = "/etc/komodo/ssl/key.pem"
+
+## Path to the ssl cert.
+## Env: PERIPHERY_SSL_CERT_FILE
+## Default: ${root_directory}/ssl/cert.pem
+# ssl_cert_file = "/etc/komodo/ssl/cert.pem"
+
+###########
+# LOGGING #
+###########
+
+## Specify the logging verbosity
+## Options: off, error, warn, info, debug, trace
+## Default: info
+## Env: PERIPHERY_LOGGING_LEVEL
+logging.level = "info"
+
+## Specify the logging format for stdout / stderr.
+## Env: PERIPHERY_LOGGING_STDIO
+## Options: standard, json, none
+## Default: standard
+logging.stdio = "standard"
+
+## Specify a opentelemetry otlp endpoint to send traces to.
+## Example: http://localhost:4317.
+## Env: PERIPHERY_LOGGING_OTLP_ENDPOINT
+## Optional, no default
+logging.otlp_endpoint = ""
+
+## Set the opentelemetry service name attached to the telemetry Periphery will send.
+## Env: PERIPHERY_LOGGING_OPENTELEMETRY_SERVICE_NAME
+## Default: "Komodo"
+logging.opentelemetry_service_name = "Periphery"
+
+## Specify whether logging is more human readable.
+## Note. Single logs will span multiple lines.
+## Env: PERIPHERY_LOGGING_PRETTY
+## Default: false
+logging.pretty = false
+
+## Specify whether startup config log
+## is more human readable (multi-line)
+## Env: PERIPHERY_PRETTY_STARTUP_CONFIG
+## Default: false
+pretty_startup_config = false
+
+#################
+# GIT PROVIDERS #
+#################
+
+## configure Periphery based git providers
+# [[git_provider]]
+# domain = "github.com"
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# 	{ username = "moghtech", token = "access_token_for_other_account" },
+# ]
+
+# [[git_provider]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+# [[git_provider]]
+# domain = "localhost:8000" # use a custom provider, like self-hosted gitea
+# https = false # use http://localhost:8000 as base-url for clone
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+
+######################
+# REGISTRY PROVIDERS #
+######################
+
+## Configure Periphery based docker registries
+# [[docker_registry]]
+# domain = "docker.io"
+# accounts = [
+# 	{ username = "mbecker2020", token = "access_token_for_account" }
+# ]
+# organizations = ["DockerhubOrganization"]
+
+# [[docker_registry]]
+# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
+# accounts = [
+# 	{ username = "mbecker20", token = "access_token_for_account" },
+# ]
+# organizations = ["Mogh"] # These become available in the UI
+
+###########
+# SECRETS #
+###########
+
+## Provide periphery-based secrets
+# [secrets]
+# SECRET_1 = "value_1"
+# SECRET_2 = "value_2"
\ No newline at end of file