Resolve authelia via consul service mesh

2-nomad-config/authelia.nomad.hcl

@@ -28,6 +28,10 @@ job "authelia" {
         "traefik.enable=true",
       ]
 
+      connect {
+        sidecar_service {}
+      }
+
       check {
         type     = "http"
         path     = "/health"

2-nomad-config/traefik.nomad.hcl

@@ -1,6 +1,7 @@
 job "traefik" {
   group "traefik" {
     network {
+      mode = "bridge"
       port "http" {
         static = 80
       }
@@ -13,6 +14,18 @@ job "traefik" {
         static = 8081
       }
     }
+    service {
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "auth"
+              local_bind_port  = 9091
+            }
+          }
+        }
+      }
+    }
 
     service {
       name = "traefik"
@@ -46,7 +59,7 @@ job "traefik" {
 
       config {
         image = "traefik:v3.3"
-        network_mode = "host"
+        ports = ["http", "https", "api"]
 
         volumes = [
           "local/traefik.yml:/etc/traefik/traefik.yml",
@@ -91,7 +104,7 @@ providers:
     exposedByDefault: false
     defaultRule: {{"Host(`{{ .Name }}.othrayte.one`)"}}
     endpoint:
-      address: "127.0.0.1:8500"
+      address: "{{ env "NOMAD_HOST_IP_http" }}:8500"
       scheme: "http"
 
 certificatesResolvers:
@@ -112,7 +125,7 @@ http:
   middlewares:
     auth:
       forwardAuth:
-        address: "http://jaglan-beta-m21:9091/api/authz/forward-auth"
+        address: "http://localhost:9091/api/authz/forward-auth"
         trustForwardHeader: true
     auth-allow-token:
       chain:
@@ -165,11 +178,11 @@ http:
     nomad-ui:
       loadBalancer:
         servers:
-          - url: "http://127.0.0.1:4646"
+          - url: "http://{{ env "NOMAD_HOST_IP_http" }}:4646"
     consul-ui:
       loadBalancer:
         servers:
-          - url: "http://127.0.0.1:8500"
+          - url: "http://{{ env "NOMAD_HOST_IP_http" }}:8500"
     unraid:
       loadBalancer:
         servers: