Skip to content

Homelab Docs

2026-06-26 Komodo secrets + Graylog streams

notarealemail/homelab

Komodo secret rotation + Graylog stream hygiene (2026-06-26)¶

Komodo¶

Replaced literal GENERATE_ON_HOST placeholders in services/komodo/compose.env with real random secrets on infra-services:

MongoDB komodo user password (via mongosh admin)
KOMODO_INIT_ADMIN_PASSWORD, KOMODO_WEBHOOK_SECRET, KOMODO_JWT_SECRET
GitHub Actions KOMODO_WEBHOOK_SECRET synced after rotation
Verified: scripts/trigger-komodo-deploy.py → HTTP 200

Script: scripts/rotate-komodo-secrets.sh

Graylog¶

Created Pattern E search streams on LXC 109 (source regex rules):

Stream	Purpose
`udm`	UDM SE / gateway
`unifi-devices`	UniFi switches/APs
`proxmox`	Proxmox hypervisor
`synology`	Whrrr DSM

Rotated Graylog admin password; stored on infra-services at /etc/homelab/graylog-admin.password (copy to 1Password).

Script: scripts/configure-graylog-streams.sh