Enable redis for authelia
This also splits redis instances by service
This commit is contained in:
parent
b0c1aca497
commit
0a7ad7a9dc
@ -158,7 +158,7 @@
|
|||||||
"filename": "core/authelia.yml",
|
"filename": "core/authelia.yml",
|
||||||
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
|
||||||
"is_verified": false,
|
"is_verified": false,
|
||||||
"line_number": 187,
|
"line_number": 186,
|
||||||
"is_secret": false
|
"is_secret": false
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@ -213,5 +213,5 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"generated_at": "2023-07-07T07:39:31Z"
|
"generated_at": "2023-07-07T22:48:34Z"
|
||||||
}
|
}
|
||||||
|
@ -178,16 +178,15 @@ session:
|
|||||||
inactivity: 5m
|
inactivity: 5m
|
||||||
remember_me_duration: 1M
|
remember_me_duration: 1M
|
||||||
|
|
||||||
# TODO: use redis when I figure out authentication and database indexes
|
redis:
|
||||||
# redis:
|
host: 127.0.0.1
|
||||||
# host:
|
port: 6379
|
||||||
# port:
|
|
||||||
#
|
# username: authelia
|
||||||
# # username: authelia
|
# password: authelia
|
||||||
# # password: authelia
|
|
||||||
# database_index: 0
|
# database_index: 0
|
||||||
# maximum_active_connections: 8
|
maximum_active_connections: 8
|
||||||
# minimum_idle_connections: 0
|
minimum_idle_connections: 0
|
||||||
|
|
||||||
regulation:
|
regulation:
|
||||||
max_retries: 3
|
max_retries: 3
|
||||||
|
@ -150,7 +150,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
|
|||||||
[redis_client]
|
[redis_client]
|
||||||
client = yes
|
client = yes
|
||||||
accept = 127.0.0.1:6379
|
accept = 127.0.0.1:6379
|
||||||
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
|
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
|
||||||
connect = {{ .Address }}:{{ .Port }}
|
connect = {{ .Address }}:{{ .Port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
|
||||||
|
@ -78,6 +78,7 @@ module "authelia" {
|
|||||||
|
|
||||||
use_mysql = true
|
use_mysql = true
|
||||||
use_ldap = true
|
use_ldap = true
|
||||||
|
use_redis = true
|
||||||
mysql_bootstrap = {
|
mysql_bootstrap = {
|
||||||
enabled = true
|
enabled = true
|
||||||
}
|
}
|
||||||
|
@ -21,11 +21,17 @@ resource "nomad_job" "postgres-server" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "nomad_job" "redis" {
|
resource "nomad_job" "redis" {
|
||||||
|
for_each = toset(["blocky", "authelia"])
|
||||||
|
|
||||||
hcl2 {
|
hcl2 {
|
||||||
enabled = true
|
enabled = true
|
||||||
}
|
}
|
||||||
|
|
||||||
jobspec = file("${path.module}/redis.nomad")
|
jobspec = templatefile("${path.module}/redis.nomad",
|
||||||
|
{
|
||||||
|
name = each.key,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
# Block until deployed as there are servics dependent on this one
|
# Block until deployed as there are servics dependent on this one
|
||||||
detach = false
|
detach = false
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
job "redis" {
|
job "redis-${name}" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 80
|
priority = 80
|
||||||
@ -19,7 +19,7 @@ job "redis" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "redis-tls"
|
name = "redis-${name}"
|
||||||
provider = "nomad"
|
provider = "nomad"
|
||||||
port = "tls"
|
port = "tls"
|
||||||
}
|
}
|
||||||
@ -29,7 +29,7 @@ job "redis" {
|
|||||||
|
|
||||||
config {
|
config {
|
||||||
image = "redis:6"
|
image = "redis:6"
|
||||||
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "${NOMAD_ALLOC_DIR}/data"]
|
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "$${NOMAD_ALLOC_DIR}/data"]
|
||||||
ports = ["main"]
|
ports = ["main"]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ job "redis" {
|
|||||||
config {
|
config {
|
||||||
image = "alpine:3.17"
|
image = "alpine:3.17"
|
||||||
ports = ["tls"]
|
ports = ["tls"]
|
||||||
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
|
args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
@ -58,9 +58,9 @@ job "redis" {
|
|||||||
data = <<EOF
|
data = <<EOF
|
||||||
set -e
|
set -e
|
||||||
apk add stunnel
|
apk add stunnel
|
||||||
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
|
exec stunnel $${NOMAD_TASK_DIR}/stunnel.conf
|
||||||
EOF
|
EOF
|
||||||
destination = "${NOMAD_TASK_DIR}/start.sh"
|
destination = "$${NOMAD_TASK_DIR}/start.sh"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
@ -76,16 +76,16 @@ connect = 127.0.0.1:6379
|
|||||||
ciphers = PSK
|
ciphers = PSK
|
||||||
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
|
||||||
EOF
|
EOF
|
||||||
destination = "${NOMAD_TASK_DIR}/stunnel.conf"
|
destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<EOF
|
data = <<EOF
|
||||||
{{ with nomadVar "nomad/jobs/redis" -}}
|
{{ with nomadVar "nomad/jobs/redis-${name}" -}}
|
||||||
{{ .allowed_psks }}
|
{{ .allowed_psks }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
EOF
|
EOF
|
||||||
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
|
destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -274,7 +274,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
|
|||||||
[redis_client]
|
[redis_client]
|
||||||
client = yes
|
client = yes
|
||||||
accept = 127.0.0.1:6379
|
accept = 127.0.0.1:6379
|
||||||
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
|
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-${name}" -}}
|
||||||
connect = {{ .Address }}:{{ .Port }}
|
connect = {{ .Address }}:{{ .Port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt
|
||||||
|
Loading…
Reference in New Issue
Block a user