iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable redis for authelia

Browse Source 
This also splits redis instances by service
This commit is contained in:
IamTheFij 2023-07-07 15:50:23 -07:00
parent b0c1aca497
commit 0a7ad7a9dc
7 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.secrets-baseline
View File

@ -158,7 +158,7 @@
"filename": "core/authelia.yml", "filename": "core/authelia.yml",
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f", "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
"is_verified": false, "is_verified": false,
"line_number": 187, "line_number": 186,
"is_secret": false "is_secret": false
} }
], ],
@ -213,5 +213,5 @@
} }
] ]
}, },
"generated_at": "2023-07-07T07:39:31Z" "generated_at": "2023-07-07T22:48:34Z"
} }

19
core/authelia.yml
View File

@ -178,16 +178,15 @@ session:
inactivity: 5m inactivity: 5m
remember_me_duration: 1M remember_me_duration: 1M
# TODO: use redis when I figure out authentication and database indexes redis:
# redis: host: 127.0.0.1
# host: port: 6379
# port:
# # username: authelia
# # username: authelia # password: authelia
# # password: authelia # database_index: 0
# database_index: 0 maximum_active_connections: 8
# maximum_active_connections: 8 minimum_idle_connections: 0
# minimum_idle_connections: 0
regulation: regulation:
max_retries: 3 max_retries: 3

2
core/blocky/blocky.nomad
View File

@ -150,7 +150,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
[redis_client] [redis_client]
client = yes client = yes
accept = 127.0.0.1:6379 accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
connect = {{ .Address }}:{{ .Port }} connect = {{ .Address }}:{{ .Port }}
{{- end }} {{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt

1
core/main.tf
View File

@ -78,6 +78,7 @@ module "authelia" {
use_mysql = true use_mysql = true
use_ldap = true use_ldap = true
use_redis = true
mysql_bootstrap = { mysql_bootstrap = {
enabled = true enabled = true
} }

8
databases/main.tf
View File

@ -21,11 +21,17 @@ resource "nomad_job" "postgres-server" {
} }
resource "nomad_job" "redis" { resource "nomad_job" "redis" {
for_each = toset(["blocky", "authelia"])
hcl2 { hcl2 {
enabled = true enabled = true
} }
jobspec = file("${path.module}/redis.nomad") jobspec = templatefile("${path.module}/redis.nomad",
{
name = each.key,
}
)
# Block until deployed as there are servics dependent on this one # Block until deployed as there are servics dependent on this one
detach = false detach = false

18
databases/redis.nomad
View File

@ -1,4 +1,4 @@
job "redis" { job "redis-${name}" {
datacenters = ["dc1"] datacenters = ["dc1"]
type = "service" type = "service"
priority = 80 priority = 80
@ -19,7 +19,7 @@ job "redis" {
} }
service { service {
name = "redis-tls" name = "redis-${name}"
provider = "nomad" provider = "nomad"
port = "tls" port = "tls"
} }
@ -29,7 +29,7 @@ job "redis" {
config { config {
image = "redis:6" image = "redis:6"
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "${NOMAD_ALLOC_DIR}/data"] args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "$${NOMAD_ALLOC_DIR}/data"]
ports = ["main"] ports = ["main"]
} }
@ -46,7 +46,7 @@ job "redis" {
config { config {
image = "alpine:3.17" image = "alpine:3.17"
ports = ["tls"] ports = ["tls"]
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"] args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"]
} }
resources { resources {
@ -58,9 +58,9 @@ job "redis" {
data = <<EOF data = <<EOF
set -e set -e
apk add stunnel apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf exec stunnel $${NOMAD_TASK_DIR}/stunnel.conf
EOF EOF
destination = "${NOMAD_TASK_DIR}/start.sh" destination = "$${NOMAD_TASK_DIR}/start.sh"
} }
template { template {
@ -76,16 +76,16 @@ connect = 127.0.0.1:6379
ciphers = PSK ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF EOF
destination = "${NOMAD_TASK_DIR}/stunnel.conf" destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
} }
template { template {
data = <<EOF data = <<EOF
{{ with nomadVar "nomad/jobs/redis" -}} {{ with nomadVar "nomad/jobs/redis-${name}" -}}
{{ .allowed_psks }} {{ .allowed_psks }}
{{- end }} {{- end }}
EOF EOF
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt" destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
} }
} }
} }

2
services/service/service_template.nomad
View File

@ -274,7 +274,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
[redis_client] [redis_client]
client = yes client = yes
accept = 127.0.0.1:6379 accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}} {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-${name}" -}}
connect = {{ .Address }}:{{ .Port }} connect = {{ .Address }}:{{ .Port }}
{{- end }} {{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt