Make base_hostname more configurable

This commit is contained in:
IamTheFij 2023-08-24 15:03:36 -07:00
parent f6dd3f4284
commit 013dd8248b
11 changed files with 21 additions and 43 deletions

View File

@ -33,7 +33,7 @@ module "authelia" {
service_tags = [ service_tags = [
# Configure traefik to add this middleware # Configure traefik to add this middleware
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F", "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.${var.base_hostname}%2F",
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true", "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
"traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email", "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
"traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic", "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic",
@ -112,7 +112,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
default = true default = true
config { config {
oidc_discovery_url = "https://authelia.thefij.rocks" oidc_discovery_url = "https://authelia.${var.base_hostname}"
oidc_client_id = "nomad" oidc_client_id = "nomad"
oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"] oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"]
bound_audiences = ["nomad"] bound_audiences = ["nomad"]
@ -121,8 +121,8 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
"openid", "openid",
] ]
allowed_redirect_uris = [ allowed_redirect_uris = [
"https://nomad.thefij.rocks/oidc/callback", "https://nomad.${var.base_hostname}/oidc/callback",
"https://nomad.thefij.rocks/ui/settings/tokens", "https://nomad.${var.base_hostname}/ui/settings/tokens",
] ]
list_claim_mappings = { list_claim_mappings = {
"groups" : "roles" "groups" : "roles"

View File

@ -1,10 +1,5 @@
locals { locals {
config_data = templatefile( config_data = file("${path.module}/config.yml")
"${path.module}/config.yml",
{
base_hostname = var.base_hostname,
}
)
} }
resource "nomad_job" "blocky" { resource "nomad_job" "blocky" {

View File

@ -1,9 +1,3 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
variable "use_wesher" { variable "use_wesher" {
type = bool type = bool
description = "Indicates whether or not services should expose themselves on the wesher network" description = "Indicates whether or not services should expose themselves on the wesher network"

View File

@ -43,7 +43,7 @@ data = /var/lib/grafana
# The full public facing url you use in browser, used for redirects and emails # The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path) # If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://grafana.thefij.rocks root_url = https://grafana.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
# Log web requests # Log web requests
;router_logging = false ;router_logging = false
@ -264,9 +264,9 @@ name = Authelia
client_id = grafana client_id = grafana
client_secret = from_env client_secret = from_env
scopes = openid profile email groups scopes = openid profile email groups
auth_url = https://authelia.thefij.rocks/api/oidc/authorization auth_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/authorization
token_url = https://authelia.thefij.rocks/api/oidc/token token_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/token
api_url = https://authelia.thefij.rocks/api/oidc/userinfo api_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/userinfo
login_attribute_path = preferred_username login_attribute_path = preferred_username
groups_attribute_path = groups groups_attribute_path = groups
name_attribute_path = name name_attribute_path = name
@ -437,7 +437,7 @@ enabled = true
provider = s3 provider = s3
[external_image_storage.s3] [external_image_storage.s3]
endpoint = https://minio.thefij.rocks endpoint = https://minio.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
bucket = grafana-images bucket = grafana-images
region = us-east-1 region = us-east-1
path_style_access = true path_style_access = true

View File

@ -1,7 +1,6 @@
module "blocky" { module "blocky" {
source = "./blocky" source = "./blocky"
base_hostname = var.base_hostname
use_wesher = var.use_wesher use_wesher = var.use_wesher
# Not in this module # Not in this module
@ -10,8 +9,6 @@ module "blocky" {
module "traefik" { module "traefik" {
source = "./traefik" source = "./traefik"
base_hostname = var.base_hostname
} }
resource "nomad_job" "nomad-client-stalker" { resource "nomad_job" "nomad-client-stalker" {

View File

@ -1,9 +1,3 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
job "traefik" { job "traefik" {
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"

View File

@ -1,15 +1,6 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
resource "nomad_job" "traefik" { resource "nomad_job" "traefik" {
hcl2 { hcl2 {
enabled = true enabled = true
vars = {
"base_hostname" = var.base_hostname,
}
} }
jobspec = file("${path.module}/traefik.nomad") jobspec = file("${path.module}/traefik.nomad")

View File

@ -17,6 +17,7 @@ module "core" {
module "services" { module "services" {
source = "./services" source = "./services"
base_hostname = var.base_hostname
use_wesher = var.use_wesher use_wesher = var.use_wesher
# NOTE: It may be possible to flip this and core so core templates don't # NOTE: It may be possible to flip this and core so core templates don't

View File

@ -56,7 +56,7 @@ module "photoprism_module" {
PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App" PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos" PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
PHOTOPRISM_SITE_TITLE = "PhotoPrism" PHOTOPRISM_SITE_TITLE = "PhotoPrism"
PHOTOPRISM_SITE_URL = "https://photoprism.thefij.rocks/" PHOTOPRISM_SITE_URL = "https://photoprism.${var.base_hostname}/"
PHOTOPRISM_SPONSOR = "true" PHOTOPRISM_SPONSOR = "true"
# Worker config # Worker config
PHOTOPRISM_WORKERS = 2 PHOTOPRISM_WORKERS = 2

View File

@ -1,3 +1,9 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
variable "use_wesher" { variable "use_wesher" {
type = bool type = bool
description = "Indicates whether or not services should expose themselves on the wesher network" description = "Indicates whether or not services should expose themselves on the wesher network"

View File

@ -6,7 +6,7 @@ variable "nomad_address" {
variable "base_hostname" { variable "base_hostname" {
type = string type = string
description = "Base hostname to serve content from" description = "Base hostname to serve content from"
default = "dev.homelab" default = "thefij.rocks"
} }
variable "nomad_secret_id" { variable "nomad_secret_id" {