Use static port for Authelia so that nomad middleware config is the same for each service

.secrets-baseline

@@ -150,7 +150,7 @@
         "filename": "core/authelia.yml",
         "hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
         "is_verified": false,
-        "line_number": 55,
+        "line_number": 54,
         "is_secret": false
       },
       {
@@ -158,7 +158,7 @@
         "filename": "core/authelia.yml",
         "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
         "is_verified": false,
-        "line_number": 186,
+        "line_number": 185,
         "is_secret": false
       }
     ],
@@ -213,5 +213,5 @@
       }
     ]
   },
-  "generated_at": "2023-07-07T22:48:34Z"
+  "generated_at": "2023-07-07T23:34:07Z"
 }

core/authelia.yml

@@ -1,6 +1,6 @@
 theme: auto
 
-# jwt_secret: < in file >
+# jwt_secret: <file>
 
 {{ with nomadVar "nomad/jobs" }}
 default_redirection_url: https://authelia.{{ .base_hostname }}/
@@ -20,7 +20,6 @@ log:
   ## Level of verbosity for logs: info, debug, trace.
   level: debug
 
-  ## Format the logs are written as: json, text.
   format: json
 
 telemetry:

core/main.tf

@@ -57,14 +57,16 @@ resource "nomad_job" "lldap" {
 module "authelia" {
   source = "../services/service"
 
-  name           = "authelia"
+  name                = "authelia"
-  instance_count = 2
+  instance_count      = 2
-  priority       = 70
+  priority            = 70
-  image          = "authelia/authelia:latest"
+  image               = "authelia/authelia:latest"
-  args           = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
+  args                = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
-  ingress        = true
+  ingress             = true
-  service_port   = 9091
+  service_port        = 9091
+  service_port_static = true
   # metrics_port = 9959
+
   env = {
     AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE       = "$${NOMAD_SECRETS_DIR}/ldap_password.txt"
     AUTHELIA_JWT_SECRET_FILE                                 = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt"
@@ -86,10 +88,10 @@ module "authelia" {
 
   service_tags = [
     # Configure traefik to add this middleware
-    "traefik.http.middlewares.authelia.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+    "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:9091/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
     "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
     "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
-    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?auth=basic",
+    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:9091/api/verify?auth=basic",
     "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
     "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
   ]

core/traefik/traefik.nomad

@@ -40,6 +40,15 @@ job "traefik" {
       port "syslog" {
         static = 514
       }
+
+      dns {
+        servers = [
+          "192.168.2.101",
+          "192.168.2.102",
+          "192.168.2.30",
+          "192.168.2.170",
+        ]
+      }
     }
 
     ephemeral_disk {