homelab-nomad/services/authelia.nomad
Ian Fijolek e8c49ad8d6 WIP: Lots more authelia
It was working before adding the secrets and db
2022-11-22 10:04:31 -08:00


# Authelia configuration supplied at job submission time. The task's template
# block writes this string as-is to /config/configuration.yml.
# NOTE(review): the value is interpolated into the job specification, so anyone
# who can read the job can read it. If the YAML carries secret values (session,
# storage or LDAP credentials), confirm they are pulled from Vault at render
# time rather than embedded in this variable.
variable "config_data" {
type = string
description = "Authelia YAML config"
}
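# Authelia single-sign-on / forward-auth service, run as one Docker task behind
# a Consul Connect sidecar and registered with Traefik through service tags.
job "authelia" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 80

  group "authelia" {
    count = 1

    network {
      mode = "bridge"

      # The web/API port is published on the loopback host network only.
      port "main" {
        host_network = "loopback"
        to           = 9091
      }

      # NOTE(review): unlike "main", this port names no host_network, so it is
      # published on the client's default host network. Confirm the metrics
      # listener is meant to be reachable there.
      port "metrics" {
        to = 9959
      }
    }

    service {
      name = "authelia"
      port = "main"

      meta {
        metrics_addr = "${NOMAD_ADDR_metrics}"
      }

      connect {
        sidecar_service {
          proxy {
            local_service_port = 9091

            # Publishes /metrics through the sidecar on the "metrics" port.
            # Expose paths bypass Connect mTLS and intentions, so access to the
            # endpoint has to be limited at the network level.
            expose {
              path {
                path            = "/metrics"
                protocol        = "http"
                local_path_port = 9959
                listener_port   = "metrics"
              }
            }

            # Mesh upstreams bound inside the task's network namespace.
            upstreams {
              destination_name = "ldap"
              local_bind_port  = 4820
            }

            upstreams {
              destination_name = "redis"
              local_bind_port  = 6379
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }

      tags = [
        "traefik.enable=true",
        "traefik.http.routers.authelia.entryPoints=websecure,auth",
        "traefik.http.middlewares.authelia.forwardAuth.address=http://localhost:8999/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
        # trustForwardHeader makes Traefik pass client-supplied X-Forwarded-*
        # headers on to Authelia unchanged. That is only sound when every path
        # into Traefik goes through a proxy that sets those headers itself.
        # NOTE(review): confirm that holds for the websecure and auth entry points.
        "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
        # Backends that trust these Remote-* identity headers must be reachable
        # only through Traefik, or the headers can be supplied by any client.
        "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
        # Fixed: the address previously began with "http://http://", which is not
        # a valid URL, so the basic-auth middleware could not reach the verify
        # endpoint.
        "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://localhost:8999/api/verify?auth=basic",
        "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true",
        "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
      ]
    }

    task "authelia" {
      driver = "docker"

      config {
        # NOTE(review): no tag or digest is given, so this resolves to "latest"
        # and the authentication gateway can change version on any re-pull.
        # Pin to a reviewed release tag or image digest.
        image = "authelia/authelia"
        ports = ["main"]

        # Binds the task-local "config" directory to /config in the container.
        mount {
          type   = "bind"
          target = "/config"
          source = "config"
        }
      }

      # The task receives a Vault token carrying these policies.
      # NOTE(review): the policy contents are not visible here; check that each
      # grants only the paths Authelia actually reads.
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # Writes the submitted configuration where the bind mount above exposes it.
      # NOTE(review): no perms are set, so the file gets Nomad's default mode.
      # If the config holds secrets, consider a tighter mode that the container
      # user can still read.
      template {
        data        = var.config_data
        destination = "/config/configuration.yml"
      }

      resources {
        cpu    = 50
        memory = 50
      }
    }
  }
}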