feat: service account

This commit is contained in:
Tine 2024-09-20 20:50:34 +02:00
parent 64036546ea
commit 331af88869
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
4 changed files with 40 additions and 38 deletions


@ -1,36 +0,0 @@
ARG NGINX_VERSION=1.27.1
FROM nginx:$NGINX_VERSION AS build
RUN mkdir -p /var/lib/GeoIP/
RUN apt-get update \
&& apt-get install -y \
build-essential \
libpcre2-dev \
zlib1g-dev \
libgeoip-dev \
libmaxminddb-dev \
wget \
git
ARG GEOIP2_VERSION=3.4
RUN cd /opt \
&& git clone --depth 1 -b $GEOIP2_VERSION --single-branch https://github.com/leev/ngx_http_geoip2_module.git \
&& wget -O - http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar zxfv - \
&& mv /opt/nginx-$NGINX_VERSION /opt/nginx \
&& cd /opt/nginx \
&& ./configure --with-compat --add-dynamic-module=/opt/ngx_http_geoip2_module --with-stream \
&& make modules
# Production
FROM nginx:$NGINX_VERSION AS production
COPY --from=build /opt/nginx/objs/ngx_http_geoip2_module.so /usr/lib/nginx/modules
COPY --from=build /opt/nginx/objs/ngx_stream_geoip2_module.so /usr/lib/nginx/modules
RUN apt-get update \
&& apt-get install -y --no-install-recommends --no-install-suggests libmaxminddb0 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& chmod -R 644 /usr/lib/nginx/modules/ngx_http_geoip2_module.so \
&& chmod -R 644 /usr/lib/nginx/modules/ngx_stream_geoip2_module.so


@ -11,8 +11,8 @@ locals {
name = each.value.name name = each.value.name
domain = each.value.domain domain = each.value.domain
service_account = { service_account = {
username = "foo" username = authentik_user.service_account[each.value.name].username
password = "bar" password = authentik_token.service_account[each.value.name].token
} }
} }
}) })
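Review bot: The new username/password lines index `authentik_user.service_account` and `authentik_token.service_account` by `each.value.name`, but both resources are created with `for_each = var.nodes`, so their instances are addressed by the map key of var.nodes and the lookup fails at plan time whenever key and name differ. Using `authentik_user.service_account[each.key].username` and `authentik_token.service_account[each.key].token` removes that coupling, assuming the surrounding expression iterates the same map (the enclosing block starts before the hunk, so I cannot confirm that here). The value being pulled in is a non-expiring app password, and the closing `})` suggests this local is encoded or templated into node configuration; unless the provider already marks the attribute sensitive, wrap it as `sensitive(authentik_token.service_account[each.key].token)` so it is redacted from plan output. Worth a check as well that the provider's `authentik_token` schema in 2024.8.3 exposes the generated value under the attribute name used here; my recollection is that it is `key`, and a plan run will settle it either way.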


@ -0,0 +1,29 @@
data "authentik_group" "monitoring_publisher" {
name = "monitor.tjo.cloud publisher"
include_users = false
}
resource "authentik_user" "service_account" {
for_each = var.nodes
username = "${each.value.name}.ingress@svc.tjo.cloud"
name = "${each.value.name}.ingress@svc.tjo.cloud"
email = "${each.value.name}.ingress@svc.tjo.cloud"
type = "service_account"
path = "svc.tjo.cloud"
groups = [
data.authentik_group.monitoring_publisher.id,
]
}
resource "authentik_token" "service_account" {
for_each = var.nodes
identifier = "svc.tjo.cloud-service-account-${each.value.name}"
user = authentik_user.service_account[each.value.name].id
description = "Service account for ${each.value.name} node"
expiring = false
intent = "app_password"
}
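Review bot: `expiring = false` on the `authentik_token` resource mints a credential with no lifetime, and nothing in the file records the rotation plan for it; the generated value is also stored in plaintext in Terraform state, so whoever can read the state can impersonate every node's service account. Either set an expiry and rotate on a schedule, or add a comment above `expiring = false` stating why the token must be permanent and how it is rotated. Separately, `user = authentik_user.service_account[each.value.name].id` only resolves when var.nodes is keyed by the node name, since the user resource is also created with `for_each = var.nodes`; `user = authentik_user.service_account[each.key].id` makes the reference independent of how the map is keyed.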


@ -16,11 +16,20 @@ terraform {
source = "tailscale/tailscale" source = "tailscale/tailscale"
version = "0.16.1" version = "0.16.1"
} }
authentik = {
source = "goauthentik/authentik"
version = "2024.8.3"
}
} }
required_version = "~> 1.7.3" required_version = "~> 1.7.3"
} }
provider "authentik" {
url = "https://id.tjo.space"
token = var.authentik_token
}
provider "digitalocean" { provider "digitalocean" {
token = var.digitalocean_token token = var.digitalocean_token
} }
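Review bot: `token = var.authentik_token` in the new provider block needs the variable to be declared with `sensitive = true` so the value is redacted from plan and apply output; the declaration is not part of this diff, so confirm it matches `variable "authentik_token" { type = string  sensitive = true }`. The hard-coded `url = "https://id.tjo.space"` is fine as HTTPS, but if the same root module is reused for another environment it would be worth moving into a variable alongside the token.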