Change from basic auth to authelia

2025-05-03 18:00:30 +10:00
parent 195df929e3
commit 1a4d434d5b
9 changed files with 298 additions and 36 deletions
--- a/2-nomad-config/authelia.nomad.hcl
+++ b/2-nomad-config/authelia.nomad.hcl
@@ -0,0 +1,101 @@
+job "authelia" {
+  group "authelia" {
+    network {
+      port "http" {
+        static = 9091
+      }
+    }
+
+    service {
+      name = "auth"
+      port = "http"
+
+      tags = [
+        "traefik.enable=true",
+      ]
+
+      check {
+        type     = "http"
+        path     = "/health"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    task "authelia" {
+      driver = "docker"
+
+      config {
+        image = "authelia/authelia:latest"
+
+        ports = ["http"]
+
+        volumes = [
+          "local/config:/config",
+          "local/data:/data" # TODO: Move this to a volume
+        ]
+      }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
+
+      template {
+        data = <<EOF
+server:
+  address: tcp://0.0.0.0:{{ env "NOMAD_PORT_http" }}/
+theme: "auto"
+identity_validation:
+  reset_password:
+    jwt_secret: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .jwt_secret }}{{ end }}"
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+access_control:
+  default_policy: deny
+  rules:
+    - domain: "*.othrayte.one"
+      policy: one_factor
+    # Disable auth for authelia
+    #- domain: "auth.othrayte.one"
+    #  policy: bypass
+
+session:
+  name: authelia_session
+  secret: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .session_secret }}{{ end }}"
+  expiration: 3600
+  cookies:
+    - domain: othrayte.one
+      authelia_url: "https://auth.othrayte.one"
+
+storage:
+  local:
+    path: /config/db.sqlite3
+  encryption_key: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .encryption_key }}{{ end }}"
+
+notifier:
+  filesystem:
+    filename: /config/notification.txt
+EOF
+
+        destination = "local/config/configuration.yml"
+      }
+
+      template {
+        data = <<EOF
+# Users database for Authelia
+users:
+  othrayte:
+    password: "$2y$10$FeemMJevZXq6y1pc6FNOXeIlthGWiGHRmMfpV33BNcpChA5ozLUmK"
+    displayname: "Adrian"
+    email: "othrayte@gmail.com"
+EOF
+
+        destination = "local/config/users_database.yml"
+      }
+    }
+  }
+}