Add external service acls for authelia

core/authelia.yml

@@ -151,12 +151,12 @@ access_control:
       networks: 192.168.5.0/24
 
   rules:
-    # Bypass auth for Sonarr API since that has it's own authentication
-    - domain: 'sonarr.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
-      policy: bypass
-      resources:
-        - '^/api([/?].*)?$'
-
+    {{ range nomadVarList "authelia/access_control/service_rules" -}}
+    {{- with nomadVar .Path -}}
+    - domain: '{{ .name }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+{{ .rule.Value | indent 6 }}
+    {{- end }}
+    {{- end }}
     ## Rules applied to everyone
     - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
       networks:

services/sonarr.tf

@@ -36,3 +36,15 @@ module "sonarr" {
     memory_max = 700
   }
 }
+
+resource "nomad_variable" "authelia_service_rules_sonarr" {
+  path = "authelia/access_control/service_rules/sonarr"
+  items = {
+    name = "sonarr"
+    rule = <<EOH
+policy: bypass
+resources:
+  - '^/api([/?].*)?$'
+    EOH
+  }
+}