Enable redis for authelia

This also splits redis instances by service
IamTheFij 2023-07-07 15:50:23 -07:00
parent b0c1aca497
commit 0a7ad7a9dc
7 changed files with 30 additions and 24 deletions


@ -158,7 +158,7 @@
"filename": "core/authelia.yml",
"hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
"is_verified": false,
"line_number": 187,
"line_number": 186,
"is_secret": false
}
],
@ -213,5 +213,5 @@
}
]
},
"generated_at": "2023-07-07T07:39:31Z"
"generated_at": "2023-07-07T22:48:34Z"
}


@ -178,16 +178,15 @@ session:
inactivity: 5m
remember_me_duration: 1M
# TODO: use redis when I figure out authentication and database indexes
# redis:
# host:
# port:
#
# # username: authelia
# # password: authelia
redis:
host: 127.0.0.1
port: 6379
# username: authelia
# password: authelia
# database_index: 0
# maximum_active_connections: 8
# minimum_idle_connections: 0
maximum_active_connections: 8
minimum_idle_connections: 0
regulation:
max_retries: 3
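Review bot: The new `redis:` block leaves `username` and `password` commented out, so nothing in this file authenticates Authelia to its session store. Going by the other files in this commit, access control rests on the stunnel PSK and the loopback listener at `127.0.0.1:6379`. The TODO line above the block ("use redis when I figure out authentication and database indexes") appears to remain although Redis is now enabled, which leaves a reader unsure whether authentication is still outstanding. I would replace it with a comment stating the actual trust boundary, e.g. `# Redis is reached through the local stunnel client; access is gated by the per-service PSK, no Redis password is set`. The `session:` block starts above this hunk, so its other settings are not visible here.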


@ -150,7 +150,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
[redis_client]
client = yes
accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
connect = {{ .Address }}:{{ .Port }}
{{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt


@ -78,6 +78,7 @@ module "authelia" {
use_mysql = true
use_ldap = true
use_redis = true
mysql_bootstrap = {
enabled = true
}


@ -21,11 +21,17 @@ resource "nomad_job" "postgres-server" {
}
resource "nomad_job" "redis" {
for_each = toset(["blocky", "authelia"])
hcl2 {
enabled = true
}
jobspec = file("${path.module}/redis.nomad")
jobspec = templatefile("${path.module}/redis.nomad",
{
name = each.key,
}
)
# Block until deployed as there are servics dependent on this one
detach = false
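Review bot: The instance list in `for_each = toset(["blocky", "authelia"])` is hard-coded here, while consumers opt in elsewhere with `use_redis = true`, and nothing in this hunk ties the two together. If the service template looks up `redis-<service name>`, as the last file in this commit suggests, a service that enables Redis without being added to this list would find no matching instance. A comment above the line would make the coupling explicit, e.g. `# One Redis per consumer: each key becomes job/service redis-<key> and reads its PSKs from nomad/jobs/redis-<key>`. The typo `servics` in the context comment could be fixed at the same time. The resource body continues past the end of the hunk.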


@ -1,4 +1,4 @@
job "redis" {
job "redis-${name}" {
datacenters = ["dc1"]
type = "service"
priority = 80
@ -19,7 +19,7 @@ job "redis" {
}
service {
name = "redis-tls"
name = "redis-${name}"
provider = "nomad"
port = "tls"
}
@ -29,7 +29,7 @@ job "redis" {
config {
image = "redis:6"
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "${NOMAD_ALLOC_DIR}/data"]
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "$${NOMAD_ALLOC_DIR}/data"]
ports = ["main"]
}
@ -46,7 +46,7 @@ job "redis" {
config {
image = "alpine:3.17"
ports = ["tls"]
args = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"]
}
resources {
@ -58,9 +58,9 @@ job "redis" {
data = <<EOF
set -e
apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
exec stunnel $${NOMAD_TASK_DIR}/stunnel.conf
EOF
destination = "${NOMAD_TASK_DIR}/start.sh"
destination = "$${NOMAD_TASK_DIR}/start.sh"
}
template {
@ -76,16 +76,16 @@ connect = 127.0.0.1:6379
ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF
destination = "${NOMAD_TASK_DIR}/stunnel.conf"
destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
}
template {
data = <<EOF
{{ with nomadVar "nomad/jobs/redis" -}}
{{ with nomadVar "nomad/jobs/redis-${name}" -}}
{{ .allowed_psks }}
{{- end }}
EOF
destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
}
}
}
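Review bot: This jobspec is now a Terraform template, but the file carries no comment saying so, and the two interpolation forms mean different things. `${name}` is filled in by `templatefile`, while `$${NOMAD_TASK_DIR}` is escaped so that Nomad resolves it at runtime; a header comment explaining this would help. The PSK template now reads `nomad/jobs/redis-${name}`, so each instance needs its own variable with an `allowed_psks` key. The isolation between the Authelia session store and blocky holds only if those variables carry different PSKs, which is worth stating next to that template. The hunks here start and end inside the `job` block, so the full task definitions are not visible.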


@ -274,7 +274,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
[redis_client]
client = yes
accept = 127.0.0.1:6379
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-tls" -}}
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-${name}" -}}
connect = {{ .Address }}:{{ .Port }}
{{- end }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/redis_stunnel_psk.txt