diff --git a/.secrets-baseline b/.secrets-baseline index a24de3c..e3061a3 100644 --- a/.secrets-baseline +++ b/.secrets-baseline @@ -150,7 +150,7 @@ "filename": "core/authelia.yml", "hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04", "is_verified": false, - "line_number": 55, + "line_number": 54, "is_secret": false }, { @@ -158,7 +158,7 @@ "filename": "core/authelia.yml", "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f", "is_verified": false, - "line_number": 186, + "line_number": 185, "is_secret": false } ], @@ -213,5 +213,5 @@ } ] }, - "generated_at": "2023-07-07T22:48:34Z" + "generated_at": "2023-07-07T23:34:07Z" } diff --git a/core/authelia.yml b/core/authelia.yml index ea64475..21fe9fe 100644 --- a/core/authelia.yml +++ b/core/authelia.yml @@ -1,6 +1,6 @@ theme: auto -# jwt_secret: < in file > +# jwt_secret: {{ with nomadVar "nomad/jobs" }} default_redirection_url: https://authelia.{{ .base_hostname }}/ @@ -20,7 +20,6 @@ log: ## Level of verbosity for logs: info, debug, trace. level: debug - ## Format the logs are written as: json, text. format: json telemetry: diff --git a/core/main.tf b/core/main.tf index f31bde6..396e90d 100644 --- a/core/main.tf +++ b/core/main.tf @@ -57,14 +57,16 @@ resource "nomad_job" "lldap" { module "authelia" { source = "../services/service" - name = "authelia" - instance_count = 2 - priority = 70 - image = "authelia/authelia:latest" - args = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"] - ingress = true - service_port = 9091 + name = "authelia" + instance_count = 2 + priority = 70 + image = "authelia/authelia:latest" + args = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"] + ingress = true + service_port = 9091 + service_port_static = true # metrics_port = 9959 + env = { AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = "$${NOMAD_SECRETS_DIR}/ldap_password.txt" AUTHELIA_JWT_SECRET_FILE = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt" 
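Review bot: The replaced comment at the top of core/authelia.yml now hides a template action inside what reads as a note about `jwt_secret`. It suggests the JWT secret comes from `nomadVar "nomad/jobs"`, while core/main.tf in this same commit supplies it through `AUTHELIA_JWT_SECRET_FILE`. A YAML comment does not stop the template engine, so `{{ with ... }}` presumably opens the scope that `{{ .base_hostname }}` a few lines below reads from, and its `{{ end }}` must sit outside this hunk. I would separate the two concerns: `# jwt_secret: provided via AUTHELIA_JWT_SECRET_FILE` and, on its own line, `# {{ with nomadVar "nomad/jobs" }} opens the scope for .base_hostname below`.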
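Review bot: `service_port_static = true` presumably pins Authelia's listener to host port 9091 on every node that runs it, which makes the plain-HTTP verify endpoint reachable at a predictable address without passing through Traefik. Nothing in the hunk shows that the port is restricted to the Traefik hosts, and because the verify endpoint acts on forwarded request headers, direct reachability is worth ruling out with a host firewall rule. With `instance_count = 2`, a static port also means the two allocations can never share a node. A comment on the new line would record the intent, e.g. `# static so Traefik can use authelia.nomad:9091; 9091 must only be reachable from the Traefik nodes`. The module block continues past the end of this hunk.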
@@ -86,10 +88,10 @@ module "authelia" { service_tags = [ # Configure traefik to add this middleware - "traefik.http.middlewares.authelia.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F", + "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:9091/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F", "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true", "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email", - "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?auth=basic", + "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:9091/api/verify?auth=basic", "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true", "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email", ] diff --git a/core/traefik/traefik.nomad b/core/traefik/traefik.nomad index 0986431..e1beaec 100644 --- a/core/traefik/traefik.nomad +++ b/core/traefik/traefik.nomad @@ -40,6 +40,15 @@ job "traefik" { port "syslog" { static = 514 } + + dns { + servers = [ + "192.168.2.101", + "192.168.2.102", + "192.168.2.30", + "192.168.2.170", + ] + } } ephemeral_disk {
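Review bot: Both `forwardAuth.address` values now point at `http://authelia.nomad:9091`, so every authentication decision depends on how Traefik resolves that name and is carried over cleartext HTTP. Whatever host answers for `authelia.nomad` on 9091 sets `Remote-User`, `Remote-Groups`, `Remote-Name` and `Remote-Email` for the protected services, which makes the resolvers configured in core/traefik/traefik.nomad part of the trust boundary. The port is also repeated as a literal instead of following `service_port`, so changing one without the other breaks the middleware. I would add a comment above the tags such as `# authelia.nomad is resolved by the dns servers in core/traefik/traefik.nomad; keep 9091 in sync with service_port`, and confirm that an unresolvable name makes Traefik reject the request rather than pass it.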
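Review bot: The new `dns` block hard-codes four resolver addresses without saying what they are or which of them can answer for the `.nomad` names that the forwardAuth middleware in core/main.tf now relies on. If any of the four does not serve that zone, lookups for `authelia.nomad` may fail depending on which resolver is asked, and the ingress proxy's authentication path is only as trustworthy as these hosts. A comment would help: `# resolvers for *.nomad service names; all four must serve the zone, forwardAuth depends on them`. The enclosing block opens above this hunk, so I cannot see which network stanza this applies to.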