Cleanup credentials and db use
This commit is contained in:
@@ -1,11 +1,25 @@
|
||||
job "authelia" {
|
||||
group "authelia" {
|
||||
network {
|
||||
mode = "bridge"
|
||||
port "http" {
|
||||
static = 9091
|
||||
}
|
||||
}
|
||||
|
||||
service {
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
upstreams {
|
||||
destination_name = "postgres"
|
||||
local_bind_port = 5432
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
service {
|
||||
name = "auth"
|
||||
port = "http"
|
||||
@@ -59,9 +73,6 @@ access_control:
|
||||
rules:
|
||||
- domain: "*.othrayte.one"
|
||||
policy: one_factor
|
||||
# Disable auth for authelia
|
||||
#- domain: "auth.othrayte.one"
|
||||
# policy: bypass
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
@@ -72,9 +83,14 @@ session:
|
||||
authelia_url: "https://auth.othrayte.one"
|
||||
|
||||
storage:
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
encryption_key: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .encryption_key }}{{ end }}"
|
||||
postgres:
|
||||
address: 'tcp://127.0.0.1:5432'
|
||||
database: 'authelia'
|
||||
schema: 'public'
|
||||
username: 'authelia'
|
||||
password: '{{ with nomadVar "nomad/jobs/authelia" }}{{ .database_pw }}{{ end }}'
|
||||
timeout: '5s'
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
|
||||
@@ -2,11 +2,23 @@ resource "nomad_job" "authelia" {
|
||||
jobspec = file("authelia.nomad.hcl")
|
||||
}
|
||||
|
||||
resource "postgresql_role" "authelia" {
|
||||
name = "authelia"
|
||||
password = data.sops_file.secrets.data["authelia.database_pw"]
|
||||
login = true
|
||||
}
|
||||
|
||||
resource "postgresql_database" "authelia" {
|
||||
name = "authelia"
|
||||
owner = postgresql_role.authelia.name
|
||||
}
|
||||
|
||||
resource "nomad_variable" "authelia" {
|
||||
path = "nomad/jobs/authelia"
|
||||
items = {
|
||||
session_secret = data.sops_file.secrets.data["authelia.session_secret"]
|
||||
jwt_secret = data.sops_file.secrets.data["authelia.jwt_secret"]
|
||||
encryption_key = data.sops_file.secrets.data["authelia.encryption_key"]
|
||||
database_pw = data.sops_file.secrets.data["authelia.database_pw"]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -74,7 +74,7 @@ DB_TYPE = postgres
|
||||
HOST = localhost:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = gitea
|
||||
PASSWD = {{ with nomadVar "nomad/jobs/gitea" }}{{ .database_pw }}{{ end }}
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/repositories
|
||||
|
||||
@@ -18,12 +18,13 @@ resource "nomad_variable" "gitea" {
|
||||
items = {
|
||||
internal_token = data.sops_file.secrets.data["gitea.internal_token"]
|
||||
jwt_secret = data.sops_file.secrets.data["gitea.jwt_secret"]
|
||||
database_pw = data.sops_file.secrets.data["gitea.database_pw"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "postgresql_role" "gitea" {
|
||||
name = "gitea"
|
||||
password = "gitea"
|
||||
password = data.sops_file.secrets.data["gitea.database_pw"]
|
||||
login = true
|
||||
}
|
||||
|
||||
|
||||
@@ -10,16 +10,18 @@
|
||||
"auth_key": "ENC[AES256_GCM,data:gzh4nqEOQLijp5DTGHHSn0aO1mFQUB3sVSdAVDLG+a2H6XJ0BtJJGU55oLJURy7E/um7gzwDofP5mwZGTA==,iv:yl8lHqnNLB2AXlBfMyw/0CAR7+KmyKKDFc7kxbo9S6c=,tag:CunYd62x3omji6ozqmhgOg==,type:str]"
|
||||
},
|
||||
"authelia": {
|
||||
"session_secret": "ENC[AES256_GCM,data:gPVSGzU00EjuW/NDD9bpsc+4DQ==,iv:IRzSKqfv2Quaj1bzrFaK0glCKEPrle+uI8fq/1HFi60=,tag:loiTEpEBGBwQETRWpOffNg==,type:str]",
|
||||
"jwt_secret": "ENC[AES256_GCM,data:7Q/0M5IY0vLsgCE0z78L,iv:f6GymDrq2/NlKJuMNnDDmG2GUAzhonNa8LXlr0x1elw=,tag:1ITT9WmD3UOP30AjYEkLJQ==,type:str]",
|
||||
"encryption_key": "ENC[AES256_GCM,data:wT7aYD2DIu4VQa3GTmlkBFBvtoPvlgUF/fYJo9+wQhRcywY=,iv:29pIf46S9+OVWgSNyuwOaOXD2bWTmdcLzMLQ06VywZQ=,tag:n9JkIbHCB2xFfJ7MHcUKvg==,type:str]"
|
||||
"session_secret": "ENC[AES256_GCM,data:eSpAwX/KPzed/Y0oi6QvBwB7Gv5Kiml4FJS5RyuJ7A0plAd8acNThNXi3H4=,iv:RmH0wB3smlSF+CYs4x1w2V9ixdxgdav4dAQntjO0S5g=,tag:Vo5eHiU+1/dep/IUryN/XQ==,type:str]",
|
||||
"jwt_secret": "ENC[AES256_GCM,data:XGDV2+SbMPYxhzv8S/6SjfA0MZeelRNjgIR10+qcTFYs2IW+IZjkCExLpQ==,iv:hv1b2Dddm21vObwQBUb3LZFfYjAkIm2/ZE1Syt3//YI=,tag:TojRWFctm1H72oPfq62Y2g==,type:str]",
|
||||
"encryption_key": "ENC[AES256_GCM,data:D5F7eScWxCQ8G7pU8khi8aj8/p8ZKSErROhrqKS569fYUQpsHt6+3QQfeH7/naMvJ45r/5oVGCGeeFcEqlY0lEnbFLJEZ/tSOcm4RcIigPcx4a+8H7s=,iv:sf+TdLzacFaDgYjYhw4RKExLu6XfpewKiklt/q7VVzw=,tag:Zu3kCJfCZ7ae7HneXF6jVA==,type:str]",
|
||||
"database_pw": "ENC[AES256_GCM,data:w5TmJwjeFa8tgTXDBI7doNfbBnDBUoWyZ0Qetp4M5JpwyRv06kAj2sAKOCY=,iv:rJubsGeyxSXkOxyTjzTo1GJRgLNWbAIMy1sS74MiuHc=,tag:Sbi4gVZgRcJLriTxm2ebeQ==,type:str]"
|
||||
},
|
||||
"postgres": {
|
||||
"postgres": "ENC[AES256_GCM,data:lKuLcVTuUbfrlVhRdCs=,iv:TsbtAbXYTysxuiCi08F0hJsgoolzzgE2EPdFdPMQ+NQ=,tag:9oNua06hHdeCzE7nB22c0g==,type:str]"
|
||||
},
|
||||
"gitea": {
|
||||
"internal_token": "ENC[AES256_GCM,data:teIsV+6nUPWO9/amas3FmK6uv44YEZNpV780ncTwUkQDygDvQRr7A3KEbk/rYFcTjfxK6Kw8nmqi0rBrcBNX1bSVNg8jwfYHhY2TxFMgCo4tkQxLf3eSBUhlPGsfpsskACKIPnZ1RQ2m,iv:NAKPw0YVNtLlyEp7wld9ml4zQlVxo/takiOid6YQlfA=,tag:QIk+USh8MLZDzJkQsglJ+w==,type:str]",
|
||||
"jwt_secret": "ENC[AES256_GCM,data:/dPDqJdn4Af3Wo005V7lU9b8RbN/wyF0Tx66827cdyaZfi4QPOSj23wNqw==,iv:yJW2PiAGGr97q0DoBr64X88eFNpuVPZX0SPyNDp5QjQ=,tag:p27XTUbMC0WDMTNJCscmGQ==,type:str]"
|
||||
"jwt_secret": "ENC[AES256_GCM,data:/dPDqJdn4Af3Wo005V7lU9b8RbN/wyF0Tx66827cdyaZfi4QPOSj23wNqw==,iv:yJW2PiAGGr97q0DoBr64X88eFNpuVPZX0SPyNDp5QjQ=,tag:p27XTUbMC0WDMTNJCscmGQ==,type:str]",
|
||||
"database_pw": "ENC[AES256_GCM,data:EzGPKdsX3Ib2zWrz09kUdegIxGNwg1j4msbOKUmvCGy6R9/EG1nvOC9Z5Oo=,iv:msek112FxmVAwFume6b7RnSICL/sw5CK3XzgCq9Sp1s=,tag:UcxUi2hySv54liN+Ddodpw==,type:str]"
|
||||
},
|
||||
"sops": {
|
||||
"age": [
|
||||
@@ -28,8 +30,8 @@
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-05-22T14:03:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:gRzCl7GS4ywePISLFcR4bd+D8lg+2ZNDpF1QEKS/VZmRZW42NIQT+xiNg7cX7QYYnMyAjckYVGXFlK2/INzHGHWZhuP7pREt9zVCFAXaDZ6s1FVV1ee59u9VdZX7mzUESxvUWEPYvrkbDPtTC6U0x67rihBj/oIc7tGCWt7EoyY=,iv:UVZPZiByRFb1gFL+n1NkokEuDPXaYPbTBhKhraUWOD4=,tag:prVhsjnUswTW9aHz8Xu9IA==,type:str]",
|
||||
"lastmodified": "2025-05-25T07:55:17Z",
|
||||
"mac": "ENC[AES256_GCM,data:+R6CiOUxUKVJrCULbVPHzx1jI7z7RBwnWxbX2oBDh9gveNWz/e0ZLyRtoJJho7kRb8XugTPn5TOeKFdeecyJzjcL8fOkcwBQsUjywR0FhY/i1kWaPFmOskwl7iIQJUdtFz3etOAEjQlFTxuwxi3PtGcyZJn9kSMPff23tTKfRxY=,iv:2iVkNSaItt/bbWaR9/fIpv55FUyYMyFFD/SDNX467f0=,tag:76R72x9t4gw1G1nLheEniw==,type:str]",
|
||||
"encrypted_regex": "^(.*)$",
|
||||
"version": "3.10.2"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user