
2 Commits
tdarr ... main

Author SHA1 Message Date
908d960f94 Bump authelia 2024-12-20 11:21:01 -08:00
32e34db160 Fix nomad authelia auth
Fixes a long-standing bug present since switching over to auto-generated secrets.
I forgot to update the bound audiences! This was somewhat mentioned in the
error, but I didn't understand it.
2024-12-20 11:20:44 -08:00
3 changed files with 3 additions and 46 deletions


@ -131,9 +131,6 @@
- name: radarr-config
path: /srv/volumes/nas-container/radarr
read_only: false
- name: tdarr-config
path: /srv/volumes/nas-container/tdarr
read_only: false
- name: bazarr-config
path: /srv/volumes/nas-container/bazarr
read_only: false


@ -4,7 +4,7 @@ module "authelia" {
name = "authelia"
instance_count = 2
priority = 70
image = "authelia/authelia:4.37"
image = "authelia/authelia:4.38"
args = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
ingress = true
service_port = 9999
@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
oidc_discovery_url = "https://authelia.${var.base_hostname}"
oidc_client_id = module.nomad_oidc_client.client_id
oidc_client_secret = module.nomad_oidc_client.secret
bound_audiences = ["nomad"]
bound_audiences = [module.nomad_oidc_client.client_id]
oidc_scopes = [
"groups",
"openid",
@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
description = "engineering rule"
auth_method = nomad_acl_auth_method.nomad_authelia.name
selector = "\"nomad-deploy\" in list.roles"
selector = "\"nomad-admin\" in list.roles"
bind_type = "role"
bind_name = "admin" # acls.nomad_acl_role.admin.name
}
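Review bot: The `nomad_acl_binding_rule.nomad_authelia_admin` rule at the end of this section grants the Nomad `admin` role to any login whose `list.roles` contains `nomad-admin`, yet its `description` still reads "engineering rule" and neither commit message mentions the group rename from `nomad-deploy`. I would change it to `description = "Authelia group nomad-admin -> Nomad admin role"` so the privilege grant is obvious when binding rules are listed or audited. It is also worth confirming that the `list.roles` claim mapping is populated only from the `groups` claim and that `nomad-admin` exists in Authelia's user backend, since the auth method's mapping lines fall outside the visible hunks. `bind_name = "admin"` is a bare string with the intended reference left in a comment; referencing the role resource, if it is reachable from this file, would keep the rule from silently pointing at a renamed or missing role. Old and new sides are not marked on this page, so this assumes the second of each doubled line is the new one.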


@ -1,40 +0,0 @@
module "tdarr" {
source = "./service"
name = "tdarr"
image = "ghcr.io/haveagitgat/tdarr:latest"
image_pull_timeout = "10m"
ingress = true
service_port = 8265
use_wesher = var.use_wesher
env = {
PGID = 100
PUID = 1001
TZ = "America/Los_Angeles"
internalNode = true
inContainer = true
}
host_volumes = [
{
name = "tdarr-config"
dest = "/app/configs"
read_only = false
},
{
name = "media-write"
dest = "/media"
read_only = false
},
{
name = "media-overflow-write"
dest = "/media-overflow"
read_only = false
},
]
}