NomadBackup/nomad_backup/auth.hcl

job "auth" {
  datacenters = ["dc1"]
  type        = "service"
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  constraint {
    attribute = "${attr.unique.hostname}"
    operator  = "regexp"
    value     = "odroid.*"
  }
  group "auth" {
    count = 1

    task "fwdauth" {
      driver = "docker"

      config {
        // image = "npawelek/traefik-forward-auth"
        image = "thomseddon/traefik-forward-auth:2-arm"

        port_map {
          auth = 4181
        }

        volumes = [
          "/etc/localtime:/etc/localtime:ro",
        ]
      }

      env {
        PROVIDERS_GOOGLE_CLIENT_ID     = "807888907647-uog95jmiolsuh6ql1t8jm53l1jvuajck.apps.googleusercontent.com"
        PROVIDERS_GOOGLE_CLIENT_SECRET = "B8bDri5mFvGv-Ghzbt8fLj4W"
        SECRET                         = "ladskfdjmqwermnnbasfnmldas"
        CONFIG                         = "/local/config.ini"
        LIFETIME                       = "31536000"
        WHITELIST                      = "stuart.stent@gmail.com,stephen.bunt@gmail.com"

        // AUTH_HOST     = "fwdauth.fbleagh.duckdns.org"
        COOKIE_DOMAIN = "fbleagh.duckdns.org"
      }

      template {
        data        = "{{ key \"Dex\" }}"
        destination = "local/config.ini"
        change_mode = "restart"
      }

      resources {
        cpu    = 100 # 100 MHz
        memory = 64  # 128 MB

        network {
          port "auth" {
            static = 4181
          }
        }
      }

      service {
        name = "dex"

        tags = [
          "fwdauth",
          "web",
          "traefik.http.routers.dex.rule=Host(`fwdauth.fbleagh.duckdns.org`,`fwdauth.fbleagh.dedyn.io`)",
          "traefik.http.routers.dex.entrypoints=websecure",
          "traefik.http.routers.dex.tls=true",
          // "traefik.http.routers.dex.tls.certresolver=myresolver",
          "traefik.http.middlewares.dex.forwardauth.address=http://dex.service.dc1.consul:4181",
          "traefik.http.middlewares.dex.forwardauth.trustForwardHeader=true",
          "traefik.http.middlewares.dex.forwardauth.authResponseHeaders=X-Forwarded-User",
          "traefik.http.routers.auth.middlewares=dex",
          "traefik.http.routers.traefik-forward-auth.middlewares=dex",
        ]

        port = "auth"

        check {
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
        }
      }
    } #end Dex
  }
}