Use static port for Authelia so that nomad middleware config is the same for each service

2023-07-07 16:34:50 -07:00 · 2023-07-07 16:34:50 -07:00 · 744466bf07
parent d0641f8edf
commit 744466bf07
4 changed files with 24 additions and 14 deletions
--- a/.secrets-baseline
+++ b/.secrets-baseline
@ -150,7 +150,7 @@
        "filename": "core/authelia.yml",
        "hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
        "is_verified": false,
-        "line_number": 55,
+        "line_number": 54,
        "is_secret": false
      },
      {
@ -158,7 +158,7 @@
        "filename": "core/authelia.yml",
        "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
        "is_verified": false,
-        "line_number": 186,
+        "line_number": 185,
        "is_secret": false
      }
    ],
@ -213,5 +213,5 @@
      }
    ]
  },
-  "generated_at": "2023-07-07T22:48:34Z"
+  "generated_at": "2023-07-07T23:34:07Z"
 }
--- a/core/authelia.yml
+++ b/core/authelia.yml
@ -1,6 +1,6 @@
 theme: auto

-# jwt_secret: < in file >
+# jwt_secret: <file>

 {{ with nomadVar "nomad/jobs" }}
 default_redirection_url: https://authelia.{{ .base_hostname }}/
@ -20,7 +20,6 @@ log:
  ## Level of verbosity for logs: info, debug, trace.
  level: debug

-  ## Format the logs are written as: json, text.
  format: json

 telemetry:
--- a/core/main.tf
+++ b/core/main.tf
@ -57,14 +57,16 @@ resource "nomad_job" "lldap" {
 module "authelia" {
  source = "../services/service"

-  name           = "authelia"
-  instance_count = 2
-  priority       = 70
-  image          = "authelia/authelia:latest"
-  args           = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
-  ingress        = true
-  service_port   = 9091
+  name                = "authelia"
+  instance_count      = 2
+  priority            = 70
+  image               = "authelia/authelia:latest"
+  args                = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
+  ingress             = true
+  service_port        = 9091
+  service_port_static = true
  # metrics_port = 9959
+
  env = {
    AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE       = "$${NOMAD_SECRETS_DIR}/ldap_password.txt"
    AUTHELIA_JWT_SECRET_FILE                                 = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt"
@ -86,10 +88,10 @@ module "authelia" {

  service_tags = [
    # Configure traefik to add this middleware
-    "traefik.http.middlewares.authelia.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+    "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:9091/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
    "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
-    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?auth=basic",
+    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:9091/api/verify?auth=basic",
    "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
  ]
--- a/core/traefik/traefik.nomad
+++ b/core/traefik/traefik.nomad
@ -40,6 +40,15 @@ job "traefik" {
      port "syslog" {
        static = 514
      }
+
+      dns {
+        servers = [
+          "192.168.2.101",
+          "192.168.2.102",
+          "192.168.2.30",
+          "192.168.2.170",
+        ]
+      }
    }

    ephemeral_disk {