From 0a7ad7a9dc2e96172d63a0d30ac08676120a95c2 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Fri, 7 Jul 2023 15:50:23 -0700 Subject: [PATCH] Enable redis for authelia This also splits redis instances by service
---
 .secrets-baseline | 4 ++-- core/authelia.yml | 19 +++++++++---------- core/blocky/blocky.nomad | 2 +- core/main.tf | 1 + databases/main.tf | 8 +++++++- databases/redis.nomad | 18 +++++++++--------- services/service/service_template.nomad | 2 +- 7 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/.secrets-baseline b/.secrets-baseline
index 6ee7add..a24de3c 100644
--- a/.secrets-baseline
+++ b/.secrets-baseline
@@ -158,7 +158,7 @@
 "filename": "core/authelia.yml",
 "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
 "is_verified": false,
- "line_number": 187,
+ "line_number": 186,
 "is_secret": false
 }
 ],
@@ -213,5 +213,5 @@
 }
 ]
 },
- "generated_at": "2023-07-07T07:39:31Z"
+ "generated_at": "2023-07-07T22:48:34Z"
 }
diff --git a/core/authelia.yml b/core/authelia.yml
index fd366e0..ea64475 100644
--- a/core/authelia.yml
+++ b/core/authelia.yml
@@ -178,16 +178,15 @@ session:
 inactivity: 5m
 remember_me_duration: 1M
- # TODO: use redis when I figure out authentication and database indexes
- # redis:
- # host:
- # port:
- #
- # # username: authelia
- # # password: authelia
- # database_index: 0
- # maximum_active_connections: 8
- # minimum_idle_connections: 0
+ redis:
+ host: 127.0.0.1
+ port: 6379
+
+ # username: authelia
+ # password: authelia
+ # database_index: 0
+ maximum_active_connections: 8
+ minimum_idle_connections: 0
 regulation:
 max_retries: 3
diff --git a/core/blocky/blocky.nomad b/core/blocky/blocky.nomad
index 3c361d1..c8ca145 100644
--- a/core/blocky/blocky.nomad
+++ b/core/blocky/blocky.nomad
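Review bot: The `redis:` block that replaces the commented-out template still has `# username: authelia` / `# password: authelia` disabled, so Authelia opens its session store without credentials; the removed TODO named two blockers, authentication and database indexes, and this commit resolves only the second (a dedicated `redis-authelia` instance per service means `database_index` 0 no longer collides). If 127.0.0.1:6379 is a local stunnel PSK client like the one in blocky.nomad, the hop to the Redis job is protected, but the Redis instance itself still accepts unauthenticated commands from anything sharing that loopback (inferred; the authelia job's network setup is not in this diff). The enclosing `session:` mapping starts above the hunk. Suggest keeping a reminder next to the commented lines, e.g. `# TODO: set username/password once the redis-authelia job enforces ACL/requirepass`, so the open half of the old TODO is not lost.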
@@ -150,7 +150,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
 [redis_client]
 client = yes
 accept = 127.0.0.1:6379
-{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
+{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
 connect = {{ .Address }}:{{ .Port }}
 {{- end }}
 PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
diff --git a/core/main.tf b/core/main.tf
index cc147f5..56af5c0 100644
--- a/core/main.tf
+++ b/core/main.tf
@@ -78,6 +78,7 @@ module "authelia" {
 use_mysql = true
 use_ldap = true
+ use_redis = true
 mysql_bootstrap = {
 enabled = true
 }
diff --git a/databases/main.tf b/databases/main.tf
index 6d25af5..eb03061 100644
--- a/databases/main.tf
+++ b/databases/main.tf
@@ -21,11 +21,17 @@ resource "nomad_job" "postgres-server" {
 }
 resource "nomad_job" "redis" {
+ for_each = toset(["blocky", "authelia"])
+
 hcl2 {
 enabled = true
 }
- jobspec = file("${path.module}/redis.nomad")
+ jobspec = templatefile("${path.module}/redis.nomad",
+ {
+ name = each.key,
+ }
+ )
 # Block until deployed as there are servics dependent on this one
 detach = false
diff --git a/databases/redis.nomad b/databases/redis.nomad
index 4d55e3e..b8e3e67 100644
--- a/databases/redis.nomad
+++ b/databases/redis.nomad
@@ -1,4 +1,4 @@
-job "redis" {
+job "redis-${name}" {
 datacenters = ["dc1"]
 type = "service"
 priority = 80
@@ -19,7 +19,7 @@ job "redis" {
 }
 service {
- name = "redis-tls"
+ name = "redis-${name}"
 provider = "nomad"
 port = "tls"
 }
@@ -29,7 +29,7 @@ job "redis" {
 config {
 image = "redis:6"
- args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "${NOMAD_ALLOC_DIR}/data"]
+ args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "$${NOMAD_ALLOC_DIR}/data"]
 ports = ["main"]
 }
@@ -46,7 +46,7 @@ job "redis" {
 config {
 image = "alpine:3.17"
 ports = ["tls"]
- args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
+ args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"]
 }
 resources {
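Review bot: Adding `for_each` to the existing `nomad_job.redis` resource in databases/main.tf changes its address to `nomad_job.redis["blocky"]` and `nomad_job.redis["authelia"]`, so the current state entry no longer matches and the next apply destroys the `redis` job before both new ones come up; with the job name also becoming `redis-${name}` a replacement is unavoidable, but only blocky's consumer of `redis-tls` is updated here (services/service/service_template.nomad is in the diffstat but not shown), so confirm no other template still resolves the old service name. Moving from `file()` to `templatefile()` also means every literal `${` in redis.nomad must be written `$${`; the visible hunks fix `NOMAD_ALLOC_DIR` and `NOMAD_TASK_DIR`, but the start.sh heredoc hunk at line 58 is cut off in this view, so check that one as well. A short comment on the new line would help future readers: `# One isolated redis job per consuming service; the key becomes the job and service name suffix.`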
@@ -58,9 +58,9 @@ job "redis" { data = <