From 4fe3d46d5f82f70208d1088935608567d2e80765 Mon Sep 17 00:00:00 2001
From: Ian Fijolek <ian@iamthefij.com>
Date: Tue, 16 Jan 2024 14:15:56 -0800
Subject: [PATCH] Add external service acls for authelia

---
 core/authelia.yml  | 12 ++++++------
 services/sonarr.tf | 12 ++++++++++++
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/core/authelia.yml b/core/authelia.yml
index cabce0c..8da887a 100644
--- a/core/authelia.yml
+++ b/core/authelia.yml
@@ -151,12 +151,12 @@ access_control:
       networks: 192.168.5.0/24
 
   rules:
-    # Bypass auth for Sonarr API since that has it's own authentication
-    - domain: 'sonarr.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
-      policy: bypass
-      resources:
-        - '^/api([/?].*)?$'
-
+    {{ range nomadVarList "authelia/access_control/service_rules" -}}
+    {{- with nomadVar .Path -}}
+    - domain: '{{ .name }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+{{ .rule.Value | indent 6 }}
+    {{- end }}
+    {{- end }}
     ## Rules applied to everyone
     - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
       networks:
diff --git a/services/sonarr.tf b/services/sonarr.tf
index 5363f0b..9327eb6 100644
--- a/services/sonarr.tf
+++ b/services/sonarr.tf
@@ -36,3 +36,15 @@ module "sonarr" {
     memory_max = 700
   }
 }
+
+resource "nomad_variable" "authelia_service_rules_sonarr" {
+  path = "authelia/access_control/service_rules/sonarr"
+  items = {
+    name = "sonarr"
+    rule = <<EOH
+policy: bypass
+resources:
+  - '^/api([/?].*)?$'
+    EOH
+  }
+}