From 4fe3d46d5f82f70208d1088935608567d2e80765 Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Tue, 16 Jan 2024 14:15:56 -0800
Subject: [PATCH] Add external service acls for authelia
---
 core/authelia.yml | 12 ++++++------
 services/sonarr.tf | 12 ++++++++++++
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/core/authelia.yml b/core/authelia.yml
index cabce0c..8da887a 100644
--- a/core/authelia.yml
+++ b/core/authelia.yml
@@ -151,12 +151,12 @@ access_control:
 networks: 192.168.5.0/24
 rules:
- # Bypass auth for Sonarr API since that has it's own authentication
- - domain: 'sonarr.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
- policy: bypass
- resources:
- - '^/api([/?].*)?$'
-
+ {{ range nomadVarList "authelia/access_control/service_rules" -}}
+ {{- with nomadVar .Path -}}
+ - domain: '{{ .name }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+{{ .rule.Value | indent 6 }}
+ {{- end }}
+ {{- end }}
 ## Rules applied to everyone
 - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
 networks:
diff --git a/services/sonarr.tf b/services/sonarr.tf
index 5363f0b..9327eb6 100644
--- a/services/sonarr.tf
+++ b/services/sonarr.tf
@@ -36,3 +36,15 @@ module "sonarr" {
 memory_max = 700
 }
 }
+
+resource "nomad_variable" "authelia_service_rules_sonarr" {
+ path = "authelia/access_control/service_rules/sonarr"
+ items = {
+ name = "sonarr"
+ rule = <
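Review bot: In the core/authelia.yml hunk, `{{ .rule.Value | indent 6 }}` pastes each Nomad variable's text verbatim into `access_control.rules`, ahead of the "Rules applied to everyone" block, so anyone who can write under `authelia/access_control/service_rules/` can define an unrestricted `policy: bypass` or extra list entries for other domains, and because Authelia applies the first matching rule those entries take precedence. Write access to that path should be limited by Nomad ACL to the operators who may edit this file, and a comment above the range such as `# Rendered verbatim from Nomad vars; write access to authelia/access_control/service_rules/* can grant bypass` would record that boundary. `{{ .name }}` is also placed inside a single-quoted scalar without escaping, so a value containing `'` would end the domain string early. Separately, the trim markers leave the 4-space indent outside the loop, so a second service rule appears to render its `- domain:` line without that indent; it is worth rendering the template with two variables before relying on it.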