Make base_hostname more configurable
This commit is contained in:
parent
f6dd3f4284
commit
013dd8248b
@ -33,7 +33,7 @@ module "authelia" {
|
|||||||
|
|
||||||
service_tags = [
|
service_tags = [
|
||||||
# Configure traefik to add this middleware
|
# Configure traefik to add this middleware
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
|
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.${var.base_hostname}%2F",
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
|
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
|
||||||
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
|
||||||
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic",
|
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic",
|
||||||
@ -112,7 +112,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
|
|||||||
default = true
|
default = true
|
||||||
|
|
||||||
config {
|
config {
|
||||||
oidc_discovery_url = "https://authelia.thefij.rocks"
|
oidc_discovery_url = "https://authelia.${var.base_hostname}"
|
||||||
oidc_client_id = "nomad"
|
oidc_client_id = "nomad"
|
||||||
oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"]
|
oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"]
|
||||||
bound_audiences = ["nomad"]
|
bound_audiences = ["nomad"]
|
||||||
@ -121,8 +121,8 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
|
|||||||
"openid",
|
"openid",
|
||||||
]
|
]
|
||||||
allowed_redirect_uris = [
|
allowed_redirect_uris = [
|
||||||
"https://nomad.thefij.rocks/oidc/callback",
|
"https://nomad.${var.base_hostname}/oidc/callback",
|
||||||
"https://nomad.thefij.rocks/ui/settings/tokens",
|
"https://nomad.${var.base_hostname}/ui/settings/tokens",
|
||||||
]
|
]
|
||||||
list_claim_mappings = {
|
list_claim_mappings = {
|
||||||
"groups" : "roles"
|
"groups" : "roles"
|
||||||
|
@ -1,10 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
config_data = templatefile(
|
config_data = file("${path.module}/config.yml")
|
||||||
"${path.module}/config.yml",
|
|
||||||
{
|
|
||||||
base_hostname = var.base_hostname,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "nomad_job" "blocky" {
|
resource "nomad_job" "blocky" {
|
||||||
|
@ -1,9 +1,3 @@
|
|||||||
variable "base_hostname" {
|
|
||||||
type = string
|
|
||||||
description = "Base hostname to serve content from"
|
|
||||||
default = "dev.homelab"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "use_wesher" {
|
variable "use_wesher" {
|
||||||
type = bool
|
type = bool
|
||||||
description = "Indicates whether or not services should expose themselves on the wesher network"
|
description = "Indicates whether or not services should expose themselves on the wesher network"
|
||||||
|
@ -43,7 +43,7 @@ data = /var/lib/grafana
|
|||||||
|
|
||||||
# The full public facing url you use in browser, used for redirects and emails
|
# The full public facing url you use in browser, used for redirects and emails
|
||||||
# If you use reverse proxy and sub path specify full url (with sub path)
|
# If you use reverse proxy and sub path specify full url (with sub path)
|
||||||
root_url = https://grafana.thefij.rocks
|
root_url = https://grafana.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
|
||||||
|
|
||||||
# Log web requests
|
# Log web requests
|
||||||
;router_logging = false
|
;router_logging = false
|
||||||
@ -264,9 +264,9 @@ name = Authelia
|
|||||||
client_id = grafana
|
client_id = grafana
|
||||||
client_secret = from_env
|
client_secret = from_env
|
||||||
scopes = openid profile email groups
|
scopes = openid profile email groups
|
||||||
auth_url = https://authelia.thefij.rocks/api/oidc/authorization
|
auth_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/authorization
|
||||||
token_url = https://authelia.thefij.rocks/api/oidc/token
|
token_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/token
|
||||||
api_url = https://authelia.thefij.rocks/api/oidc/userinfo
|
api_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/userinfo
|
||||||
login_attribute_path = preferred_username
|
login_attribute_path = preferred_username
|
||||||
groups_attribute_path = groups
|
groups_attribute_path = groups
|
||||||
name_attribute_path = name
|
name_attribute_path = name
|
||||||
@ -437,7 +437,7 @@ enabled = true
|
|||||||
provider = s3
|
provider = s3
|
||||||
|
|
||||||
[external_image_storage.s3]
|
[external_image_storage.s3]
|
||||||
endpoint = https://minio.thefij.rocks
|
endpoint = https://minio.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
|
||||||
bucket = grafana-images
|
bucket = grafana-images
|
||||||
region = us-east-1
|
region = us-east-1
|
||||||
path_style_access = true
|
path_style_access = true
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
module "blocky" {
|
module "blocky" {
|
||||||
source = "./blocky"
|
source = "./blocky"
|
||||||
|
|
||||||
base_hostname = var.base_hostname
|
|
||||||
use_wesher = var.use_wesher
|
use_wesher = var.use_wesher
|
||||||
|
|
||||||
# Not in this module
|
# Not in this module
|
||||||
@ -10,8 +9,6 @@ module "blocky" {
|
|||||||
|
|
||||||
module "traefik" {
|
module "traefik" {
|
||||||
source = "./traefik"
|
source = "./traefik"
|
||||||
|
|
||||||
base_hostname = var.base_hostname
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "nomad_job" "nomad-client-stalker" {
|
resource "nomad_job" "nomad-client-stalker" {
|
||||||
|
@ -1,9 +1,3 @@
|
|||||||
variable "base_hostname" {
|
|
||||||
type = string
|
|
||||||
description = "Base hostname to serve content from"
|
|
||||||
default = "dev.homelab"
|
|
||||||
}
|
|
||||||
|
|
||||||
job "traefik" {
|
job "traefik" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
@ -1,15 +1,6 @@
|
|||||||
variable "base_hostname" {
|
|
||||||
type = string
|
|
||||||
description = "Base hostname to serve content from"
|
|
||||||
default = "dev.homelab"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "nomad_job" "traefik" {
|
resource "nomad_job" "traefik" {
|
||||||
hcl2 {
|
hcl2 {
|
||||||
enabled = true
|
enabled = true
|
||||||
vars = {
|
|
||||||
"base_hostname" = var.base_hostname,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
jobspec = file("${path.module}/traefik.nomad")
|
jobspec = file("${path.module}/traefik.nomad")
|
||||||
|
1
main.tf
1
main.tf
@ -17,6 +17,7 @@ module "core" {
|
|||||||
module "services" {
|
module "services" {
|
||||||
source = "./services"
|
source = "./services"
|
||||||
|
|
||||||
|
base_hostname = var.base_hostname
|
||||||
use_wesher = var.use_wesher
|
use_wesher = var.use_wesher
|
||||||
|
|
||||||
# NOTE: It may be possible to flip this and core so core templates don't
|
# NOTE: It may be possible to flip this and core so core templates don't
|
||||||
|
@ -56,7 +56,7 @@ module "photoprism_module" {
|
|||||||
PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App"
|
PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App"
|
||||||
PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
|
PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
|
||||||
PHOTOPRISM_SITE_TITLE = "PhotoPrism"
|
PHOTOPRISM_SITE_TITLE = "PhotoPrism"
|
||||||
PHOTOPRISM_SITE_URL = "https://photoprism.thefij.rocks/"
|
PHOTOPRISM_SITE_URL = "https://photoprism.${var.base_hostname}/"
|
||||||
PHOTOPRISM_SPONSOR = "true"
|
PHOTOPRISM_SPONSOR = "true"
|
||||||
# Worker config
|
# Worker config
|
||||||
PHOTOPRISM_WORKERS = 2
|
PHOTOPRISM_WORKERS = 2
|
||||||
|
@ -1,3 +1,9 @@
|
|||||||
|
variable "base_hostname" {
|
||||||
|
type = string
|
||||||
|
description = "Base hostname to serve content from"
|
||||||
|
default = "dev.homelab"
|
||||||
|
}
|
||||||
|
|
||||||
variable "use_wesher" {
|
variable "use_wesher" {
|
||||||
type = bool
|
type = bool
|
||||||
description = "Indicates whether or not services should expose themselves on the wesher network"
|
description = "Indicates whether or not services should expose themselves on the wesher network"
|
||||||
|
2
vars.tf
2
vars.tf
@ -6,7 +6,7 @@ variable "nomad_address" {
|
|||||||
variable "base_hostname" {
|
variable "base_hostname" {
|
||||||
type = string
|
type = string
|
||||||
description = "Base hostname to serve content from"
|
description = "Base hostname to serve content from"
|
||||||
default = "dev.homelab"
|
default = "thefij.rocks"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "nomad_secret_id" {
|
variable "nomad_secret_id" {
|
||||||
|
Loading…
Reference in New Issue
Block a user