module "blocky" {
  source        = "./blocky"
  base_hostname = var.base_hostname

  # Not in this module
  # depends_on = [module.databases]
}

module "traefik" {
  source        = "./traefik"
  base_hostname = var.base_hostname
}

module "metrics" {
  source = "./metrics"

  # Not in this module
  # depends_on = [module.databases]
}

resource "nomad_job" "nomad-client-stalker" {
  # Stalker used to allow using Nomad service registry to identify nomad client hosts
  jobspec = file("${path.module}/nomad-client-stalker.nomad")
}

module "loki" {
  source = "../services/service"

  name  = "loki"
  image = "grafana/loki:2.2.1"
  # "$${...}" is Terraform's escape for a literal "${...}", so the variable is
  # left for Nomad to interpolate at task start rather than Terraform at plan time.
  args         = ["--config.file=$${NOMAD_TASK_DIR}/loki-config.yml"]
  service_port = 3100
  ingress      = true
  sticky_disk  = true
  # healthcheck = "/ready"

  templates = [
    {
      data  = file("${path.module}/loki-config.yml")
      dest  = "loki-config.yml"
      mount = false
    }
  ]
}

resource "nomad_job" "syslog-ng" {
  jobspec = file("${path.module}/syslogng.nomad")
}

resource "nomad_job" "ddclient" {
  jobspec = file("${path.module}/ddclient.nomad")
}

resource "nomad_job" "lldap" {
  jobspec = file("${path.module}/lldap.nomad")
}

# Authelia is the forward-auth provider that the traefik middlewares declared
# below delegate to.
module "authelia" {
  source = "../services/service"

  name     = "authelia"
  priority = 70
  # NOTE(review): floating "latest" tag on the authentication service. A
  # reschedule can pull a different build than the one that was tested; pin to
  # a specific release tag or image digest.
  image        = "authelia/authelia:latest"
  args         = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
  ingress      = true
  service_port = 9091
  # metrics_port = 9959

  # Every secret is handed to Authelia as a *_FILE path under NOMAD_SECRETS_DIR,
  # so no secret value appears in the task environment. Each path matches the
  # "dest" of a template rendered further down.
  env = {
    AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = "$${NOMAD_SECRETS_DIR}/ldap_password.txt"
    AUTHELIA_JWT_SECRET_FILE                           = "$${NOMAD_SECRETS_DIR}/jwt_secret.txt"
    AUTHELIA_SESSION_SECRET_FILE                       = "$${NOMAD_SECRETS_DIR}/session_secret.txt"
    AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE               = "$${NOMAD_SECRETS_DIR}/storage_encryption_key.txt"
    AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE               = "$${NOMAD_SECRETS_DIR}/mysql_password.txt"
    AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE               = "$${NOMAD_SECRETS_DIR}/smtp_password.txt"
  }

  use_mysql = true
  use_ldap  = true

  mysql_bootstrap = {
    enabled = true
  }

  service_tags = [
    # Configure traefik to add this middleware
    #
    # NOTE(review): the verify endpoint is called over plain HTTP at the
    # allocation's host IP and port, so the traefik -> Authelia hop is
    # unencrypted on the host network.
    # NOTE(review): the "rd" redirect target is a hard-coded, URL-encoded
    # hostname rather than being derived from var.base_hostname; it has to be
    # kept in sync by hand.
    "traefik.http.middlewares.authelia.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
    # trustForwardHeader=true makes traefik pass incoming X-Forwarded-* headers
    # through to Authelia as-is. TODO confirm the traefik entrypoints only
    # accept those headers from trusted proxies; otherwise a client can supply
    # them itself.
    "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
    # These Remote-* headers are copied from Authelia's response onto the
    # request sent to the backend. A backend that trusts them must be reachable
    # only through traefik, or the identity headers can be set by anyone who
    # reaches it directly.
    "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
    # Second middleware, same settings but using the verify endpoint's
    # auth=basic mode. Credentials then travel on every request, so it
    # presumably should only be attached to TLS routers (verify at the routers
    # that reference it).
    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://$${NOMAD_IP_main}:$${NOMAD_HOST_PORT_main}/api/verify?auth=basic",
    "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
  ]

  # The first template is the static Authelia config. The rest each render one
  # field of a Nomad Variable into its own file under NOMAD_SECRETS_DIR.
  templates = [
    {
      data  = file("${path.module}/authelia.yml")
      dest  = "authelia.yml"
      mount = false
    },
    {
      # NOTE(review): the field is named lldap_admin_password. If Authelia binds
      # to LDAP as the directory admin, consider a dedicated lower-privilege
      # bind account unless Authelia needs write access.
      data        = "{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .lldap_admin_password }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "ldap_password.txt"
      mount       = false
    },
    {
      data        = "{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .jwt_secret }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "jwt_secret.txt"
      mount       = false
    },
    {
      data        = "{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .session_secret }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "session_secret.txt"
      mount       = false
    },
    {
      data        = "{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .storage_encryption_key }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "storage_encryption_key.txt"
      mount       = false
    },
    {
      data        = "{{ with nomadVar \"nomad/jobs/authelia\" }}{{ .db_pass }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "mysql_password.txt"
      mount       = false
    },
    {
      # NOTE(review): unlike the entries above, this one reads from the shared
      # "nomad/jobs" path instead of "nomad/jobs/authelia". Under Nomad's
      # default workload-identity policy every job can read that path, so the
      # SMTP password is not scoped to this job. Presumably shared on purpose;
      # confirm.
      data        = "{{ with nomadVar \"nomad/jobs\" }}{{ .smtp_password }}{{ end }}"
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "smtp_password.txt"
      mount       = false
    },
  ]
}