Make base_hostname more configurable

core/authelia.tf

@@ -33,7 +33,7 @@ module "authelia" {
 
   service_tags = [
     # Configure traefik to add this middleware
-    "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+    "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.${var.base_hostname}%2F",
     "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
     "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
     "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic",
@@ -112,7 +112,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
   default        = true
 
   config {
-    oidc_discovery_url = "https://authelia.thefij.rocks"
+    oidc_discovery_url = "https://authelia.${var.base_hostname}"
     oidc_client_id     = "nomad"
     oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"]
     bound_audiences    = ["nomad"]
@@ -121,8 +121,8 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
       "openid",
     ]
     allowed_redirect_uris = [
-      "https://nomad.thefij.rocks/oidc/callback",
-      "https://nomad.thefij.rocks/ui/settings/tokens",
+      "https://nomad.${var.base_hostname}/oidc/callback",
+      "https://nomad.${var.base_hostname}/ui/settings/tokens",
     ]
     list_claim_mappings = {
       "groups" : "roles"

core/blocky/blocky.tf

@@ -1,10 +1,5 @@
 locals {
-  config_data = templatefile(
-    "${path.module}/config.yml",
-    {
-      base_hostname = var.base_hostname,
-    }
-  )
+  config_data = file("${path.module}/config.yml")
 }
 
 resource "nomad_job" "blocky" {

core/blocky/vars.tf

@@ -1,9 +1,3 @@
-variable "base_hostname" {
-  type        = string
-  description = "Base hostname to serve content from"
-  default     = "dev.homelab"
-}
-
 variable "use_wesher" {
   type        = bool
   description = "Indicates whether or not services should expose themselves on the wesher network"

core/grafana/grafana.ini

@@ -43,7 +43,7 @@ data = /var/lib/grafana
 
 # The full public facing url you use in browser, used for redirects and emails
 # If you use reverse proxy and sub path specify full url (with sub path)
-root_url = https://grafana.thefij.rocks
+root_url = https://grafana.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
 
 # Log web requests
 ;router_logging = false
@@ -264,9 +264,9 @@ name = Authelia
 client_id = grafana
 client_secret = from_env
 scopes = openid profile email groups
-auth_url = https://authelia.thefij.rocks/api/oidc/authorization
-token_url = https://authelia.thefij.rocks/api/oidc/token
-api_url = https://authelia.thefij.rocks/api/oidc/userinfo
+auth_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/authorization
+token_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/token
+api_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/userinfo
 login_attribute_path = preferred_username
 groups_attribute_path = groups
 name_attribute_path = name
@@ -437,7 +437,7 @@ enabled           = true
 provider = s3
 
 [external_image_storage.s3]
-endpoint = https://minio.thefij.rocks
+endpoint = https://minio.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
 bucket = grafana-images
 region = us-east-1
 path_style_access = true

core/main.tf

@@ -1,7 +1,6 @@
 module "blocky" {
   source = "./blocky"
 
-  base_hostname = var.base_hostname
   use_wesher = var.use_wesher
 
   # Not in this module
@@ -10,8 +9,6 @@ module "blocky" {
 
 module "traefik" {
   source = "./traefik"
-
-  base_hostname = var.base_hostname
 }
 
 resource "nomad_job" "nomad-client-stalker" {

core/traefik/traefik.nomad

@@ -1,9 +1,3 @@
-variable "base_hostname" {
-  type = string
-  description = "Base hostname to serve content from"
-  default = "dev.homelab"
-}
-
 job "traefik" {
   datacenters = ["dc1"]
   type = "service"

core/traefik/traefik.tf

@@ -1,15 +1,6 @@
-variable "base_hostname" {
-  type        = string
-  description = "Base hostname to serve content from"
-  default     = "dev.homelab"
-}
-
 resource "nomad_job" "traefik" {
   hcl2 {
     enabled = true
-    vars = {
-      "base_hostname" = var.base_hostname,
-    }
   }
 
   jobspec = file("${path.module}/traefik.nomad")

main.tf

@@ -17,6 +17,7 @@ module "core" {
 module "services" {
   source = "./services"
 
+  base_hostname = var.base_hostname
   use_wesher    = var.use_wesher
 
   # NOTE: It may be possible to flip this and core so core templates don't

services/photoprism.tf

@@ -56,7 +56,7 @@ module "photoprism_module" {
     PHOTOPRISM_SITE_CAPTION     = "AI-Powered Photos App"
     PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
     PHOTOPRISM_SITE_TITLE       = "PhotoPrism"
-    PHOTOPRISM_SITE_URL         = "https://photoprism.thefij.rocks/"
+    PHOTOPRISM_SITE_URL         = "https://photoprism.${var.base_hostname}/"
     PHOTOPRISM_SPONSOR          = "true"
     # Worker config
     PHOTOPRISM_WORKERS = 2

services/vars.tf

@@ -1,3 +1,9 @@
+variable "base_hostname" {
+  type        = string
+  description = "Base hostname to serve content from"
+  default     = "dev.homelab"
+}
+
 variable "use_wesher" {
   type        = bool
   description = "Indicates whether or not services should expose themselves on the wesher network"

vars.tf

@@ -6,7 +6,7 @@ variable "nomad_address" {
 variable "base_hostname" {
   type        = string
   description = "Base hostname to serve content from"
-  default     = "dev.homelab"
+  default     = "thefij.rocks"
 }
 
 variable "nomad_secret_id" {