Add external service acls for authelia

2024-01-16 14:15:56 -08:00 · 2024-01-16 14:15:56 -08:00 · 4fe3d46d5f
parent cf8bde7920
commit 4fe3d46d5f
2 changed files with 18 additions and 6 deletions
--- a/core/authelia.yml
+++ b/core/authelia.yml
@ -151,12 +151,12 @@ access_control:
      networks: 192.168.5.0/24

  rules:
-    # Bypass auth for Sonarr API since that has it's own authentication
-    - domain: 'sonarr.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
-      policy: bypass
-      resources:
-        - '^/api([/?].*)?$'
-
+    {{ range nomadVarList "authelia/access_control/service_rules" -}}
+    {{- with nomadVar .Path -}}
+    - domain: '{{ .name }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+{{ .rule.Value | indent 6 }}
+    {{- end }}
+    {{- end }}
    ## Rules applied to everyone
    - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
      networks:
--- a/services/sonarr.tf
+++ b/services/sonarr.tf
@ -36,3 +36,15 @@ module "sonarr" {
    memory_max = 700
  }
 }
+
+resource "nomad_variable" "authelia_service_rules_sonarr" {
+  path = "authelia/access_control/service_rules/sonarr"
+  items = {
+    name = "sonarr"
+    rule = <<EOH
+policy: bypass
+resources:
+  - '^/api([/?].*)?$'
+    EOH
+  }
+}