# Nomad job for authentik: one "auth" group running the server and the
# background worker from the same image, with the server published to Traefik
# through Consul service tags.
job "authentik" {
  datacenters = ["alo"]

  group "auth" {
    network {
      # Traefik forwardAuth hardcodes this port, so it is pinned on the host.
      # NOTE(review): a static port is plain HTTP bound on the client node
      # itself; confirm only Traefik can reach 9000 (host firewall / bind
      # address), otherwise the TLS entrypoint can be bypassed.
      port "http" {
        static = 9000
      }

      # Dynamic host port mapped to 9443 in the container.
      port "https" {
        to = 9443
      }

      # Dynamic host port mapped to 9300 in the container.
      port "metrics" {
        to = 9300
      }
    }

    # Web/API process; also serves the embedded outpost routed below.
    task "server" {
      driver = "docker"

      config {
        # NOTE(review): the image is selected by version tag only, not by
        # digest, so the registry decides what is pulled for that tag.
        image = "ghcr.io/goauthentik/server:${var.authentik_version}"
        ports = [
          "http",
          "https",
          "metrics"
        ]
        command = "server"
      }

      # NOTE(review): HCL2 variables are interpolated when the job is
      # submitted, so the resolved database password and secret key are stored
      # in the job definition and are visible to anyone allowed to read the
      # job. Prefer a template block (env = true, rendered under secrets/)
      # backed by Vault or Nomad Variables.
      # NOTE(review): no TLS-related settings for Redis, PostgreSQL or SMTP are
      # set here, so authentik's defaults apply; confirm that is intended.
      env {
        AUTHENTIK_REDIS__HOST          = "redis.service.consul"
        AUTHENTIK_POSTGRESQL__HOST     = "postgres.service.consul"
        AUTHENTIK_POSTGRESQL__NAME     = "${var.pg_db}"
        AUTHENTIK_POSTGRESQL__USER     = "${var.pg_user}"
        AUTHENTIK_POSTGRESQL__PASSWORD = "${var.pg_password}"
        AUTHENTIK_SECRET_KEY           = "${var.secret_key}"
        AUTHENTIK_EMAIL__HOST          = "192.168.1.1"
        AUTHENTIK_EMAIL__FROM          = "authentik@paler.net"
      }

      resources {
        cpu    = 2000
        memory = 1024
      }

      # Registers the plain-HTTP port in Consul and tells Traefik how to route.
      service {
        name = "authentik"
        port = "http"
        tags = [
          "traefik.enable=true",
          # Main UI: the two authentik hostnames, on the "websecure" entrypoint.
          "traefik.http.routers.authentik.entryPoints=websecure",
          "traefik.http.routers.authentik.rule=Host(`authentik.v.paler.net`) || Host(`authentik.alo.land`)",
          # Embedded outpost for forward auth: any single-label subdomain
          # ([a-z0-9-]+) of either domain, limited to the outpost path prefix.
          "traefik.http.routers.authentik-palernet.entryPoints=websecure",
          "traefik.http.routers.authentik-palernet.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.v.paler.net`) && PathPrefix(`/outpost.goauthentik.io/`)",
          "traefik.http.routers.authentik-aloland.entryPoints=websecure",
          "traefik.http.routers.authentik-aloland.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.alo.land`) && PathPrefix(`/outpost.goauthentik.io/`)",
        ]
      }

      # Separate Consul service for the metrics port; it carries no traefik.*
      # tags. NOTE(review): whether Traefik still exposes it depends on the
      # provider's expose-by-default setting, which is not visible here.
      service {
        name = "authentik-metrics"
        port = "metrics"
        tags = ["metrics"]
      }
    }

    # Background worker: same image and environment as the server task,
    # started with the "worker" command and no published ports.
    task "worker" {
      driver = "docker"

      config {
        image   = "ghcr.io/goauthentik/server:${var.authentik_version}"
        command = "worker"
      }

      # NOTE(review): same exposure as in the server task; the interpolated
      # password and secret key end up readable in the stored job definition.
      env {
        AUTHENTIK_REDIS__HOST          = "redis.service.consul"
        AUTHENTIK_POSTGRESQL__HOST     = "postgres.service.consul"
        AUTHENTIK_POSTGRESQL__NAME     = "${var.pg_db}"
        AUTHENTIK_POSTGRESQL__USER     = "${var.pg_user}"
        AUTHENTIK_POSTGRESQL__PASSWORD = "${var.pg_password}"
        AUTHENTIK_SECRET_KEY           = "${var.secret_key}"
        AUTHENTIK_EMAIL__HOST          = "192.168.1.1"
        AUTHENTIK_EMAIL__FROM          = "authentik@paler.net"
      }

      # Only memory is set; CPU falls back to the scheduler default.
      resources {
        memory = 400
      }
    }
  }
}
# PostgreSQL role authentik connects as (AUTHENTIK_POSTGRESQL__USER).
variable "pg_user" {
  type    = string
  default = "authentik"
}
# PostgreSQL password passed to both tasks as AUTHENTIK_POSTGRESQL__PASSWORD.
# NOTE(review): the default below is a credential committed in the job file, so
# everyone with read access to the file has it. Rotate it and supply the value
# at submit time (-var, -var-file or NOMAD_VAR_pg_password) or from a secret
# store; the default is kept only so existing invocations keep working.
variable "pg_password" {
  type    = string
  default = "aQueiquuo6aiyah5eoch"
}
# PostgreSQL database name (AUTHENTIK_POSTGRESQL__NAME).
variable "pg_db" {
  type    = string
  default = "authentik"
}
# Value for AUTHENTIK_SECRET_KEY, which authentik uses for signing (for example
# session cookies).
# NOTE(review): the default below is a signing secret committed in the job
# file. Treat it as disclosed: rotate it and supply the value at submit time
# (-var, -var-file or NOMAD_VAR_secret_key) or from a secret store; the default
# is kept only so existing invocations keep working.
variable "secret_key" {
  type    = string
  default = "uUzCYhGV93Z8wKLAScuGFqBskxyzSfG4cz6bnXq6McM67Ho7p9"
}
# Image tag for ghcr.io/goauthentik/server, shared by the server and worker.
# NOTE(review): this pins a version tag, not an image digest.
variable "authentik_version" {
  type    = string
  default = "2023.10.4"
}