Bump authelia

Fixes long standing bug since switching over to auto generated secrets.
I forgot to update the bound audiences! This was somewhat mentioned in the
error, but I didn't understand it.

ansible_playbooks/setup-cluster.yml

@@ -95,9 +95,6 @@
       - name: media-read
         path: /srv/volumes/media-write
         read_only: true
-      - name: media-overflow-read
-        path: /srv/volumes/nas-overflow/Media
-        read_only: true
       - name: media-write
         path: /srv/volumes/media-write
         owner: "root"
@@ -134,9 +131,6 @@
       - name: radarr-config
         path: /srv/volumes/nas-container/radarr
         read_only: false
-      - name: jellyfin-config
-        path: /srv/volumes/nas-container/jellyfin
-        read_only: false
       - name: bazarr-config
         path: /srv/volumes/nas-container/bazarr
         read_only: false

core/authelia.tf

@@ -4,7 +4,7 @@ module "authelia" {
   name                = "authelia"
   instance_count      = 2
   priority            = 70
-  image               = "authelia/authelia:4.37"
+  image               = "authelia/authelia:4.38"
   args                = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
   ingress             = true
   service_port        = 9999
@@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
     oidc_discovery_url = "https://authelia.${var.base_hostname}"
     oidc_client_id     = module.nomad_oidc_client.client_id
     oidc_client_secret = module.nomad_oidc_client.secret
-    bound_audiences    = ["nomad"]
+    bound_audiences    = [module.nomad_oidc_client.client_id]
     oidc_scopes = [
       "groups",
       "openid",
@@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
   description = "engineering rule"
   auth_method = nomad_acl_auth_method.nomad_authelia.name
-  selector    = "\"nomad-deploy\" in list.roles"
+  selector    = "\"nomad-admin\" in list.roles"
   bind_type   = "role"
   bind_name   = "admin" # acls.nomad_acl_role.admin.name
 }

services/jellyfin.tf

@@ -1,53 +0,0 @@
-module "jellyfin" {
-  source = "./service"
-
-  name  = "jellyfin"
-  image = "lscr.io/linuxserver/jellyfin:10.10.3"
-
-  ingress      = true
-  service_port = 8096
-  use_wesher   = var.use_wesher
-  ports = [
-    {
-      name        = "discovery"
-      static      = 7359,
-      task_config = true,
-    },
-    {
-      name        = "dnla",
-      static      = 1900,
-      task_config = true,
-    },
-  ]
-
-  env = {
-    PGID = 100
-    PUID = 1001
-    TZ   = "America/Los_Angeles"
-
-    JELLYFIN_PublishedServerUrl = "https://jellyfin.thefij.rocks"
-  }
-
-  host_volumes = [
-    {
-      name      = "jellyfin-config"
-      dest      = "/config"
-      read_only = false
-    },
-    {
-      name      = "media-read"
-      dest      = "/media"
-      read_only = true
-    },
-    {
-      name      = "media-overflow-read"
-      dest      = "/media-overflow"
-      read_only = true
-    },
-  ]
-
-  resources = {
-    cpu    = 500
-    memory = 1200
-  }
-}