102 lines
1.9 KiB
HCL
102 lines
1.9 KiB
HCL
job "authelia" {
|
|
group "authelia" {
|
|
network {
|
|
port "http" {
|
|
static = 9091
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "auth"
|
|
port = "http"
|
|
|
|
tags = [
|
|
"traefik.enable=true",
|
|
]
|
|
|
|
check {
|
|
type = "http"
|
|
path = "/health"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
}
|
|
}
|
|
|
|
task "authelia" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "authelia/authelia:latest"
|
|
|
|
ports = ["http"]
|
|
|
|
volumes = [
|
|
"local/config:/config",
|
|
"local/data:/data" # TODO: Move this to a volume
|
|
]
|
|
}
|
|
|
|
resources {
|
|
cpu = 100
|
|
memory = 128
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
server:
|
|
address: tcp://0.0.0.0:{{ env "NOMAD_PORT_http" }}/
|
|
theme: "auto"
|
|
identity_validation:
|
|
reset_password:
|
|
jwt_secret: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .jwt_secret }}{{ end }}"
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users_database.yml
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: "*.othrayte.one"
|
|
policy: one_factor
|
|
# Disable auth for authelia
|
|
#- domain: "auth.othrayte.one"
|
|
# policy: bypass
|
|
|
|
session:
|
|
name: authelia_session
|
|
secret: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .session_secret }}{{ end }}"
|
|
expiration: 3600
|
|
cookies:
|
|
- domain: othrayte.one
|
|
authelia_url: "https://auth.othrayte.one"
|
|
|
|
storage:
|
|
local:
|
|
path: /config/db.sqlite3
|
|
encryption_key: "{{ with nomadVar "nomad/jobs/authelia" }}{{ .encryption_key }}{{ end }}"
|
|
|
|
notifier:
|
|
filesystem:
|
|
filename: /config/notification.txt
|
|
EOF
|
|
|
|
destination = "local/config/configuration.yml"
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
# Users database for Authelia
|
|
users:
|
|
othrayte:
|
|
password: "$2y$10$FeemMJevZXq6y1pc6FNOXeIlthGWiGHRmMfpV33BNcpChA5ozLUmK"
|
|
displayname: "Adrian"
|
|
email: "othrayte@gmail.com"
|
|
EOF
|
|
|
|
destination = "local/config/users_database.yml"
|
|
}
|
|
}
|
|
}
|
|
}
|