module "authelia" {
  source = "./service"

  name         = "authelia"
  image        = "authelia/authelia:latest"
  ingress      = true
  service_port = 9091
  ports = [
    {
      name = "metrics"
    }
  ]
  metrics_port_name = "metrics"

  templates = [
    {
      data        = file("${path.module}/authelia.yml")
      dest_prefix = "local/"
      dest        = "/config/configuration.yml"
    },
  ]

  service_tags = [
    "traefik.http.routers.authelia-internal.entryPoints=auth",
    "traefik.http.routers.authelia-internal.rule=Path(`/api/verify`)",
    "traefik.http.middlewares.authelia.forwardAuth.address=http://localhost:8999/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
    "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
    "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://localhost:8999/api/verify?auth=basic",
    "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
    "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
  ]

  use_vault = true
  use_ldap  = true
  use_redis = true
  use_mysql = true

  mysql_bootstrap = {
    vault_key = "kv/data/authelia"
  }
}

# locals {
#   authelia_config = templatefile(
#     "${path.module}/authelia.yml",
#     {
#     }
#   )
# }

# resource "nomad_job" "authelia" {
#   hcl2 {
#     enabled = true
#     vars = {
#       config_data = "${local.authelia_config}",
#     }
#   }
#
#   jobspec = file("${path.module}/authelia.nomad")
# }