Switch to authelia-controller

.gitea/workflows/build.yaml

@@ -76,11 +76,11 @@ jobs:
 
       - name: Push manifests
         run: |
-          flux push artifact oci://$OCI_REPO/manifests:latest \
+          flux push artifact oci://$OCI_REPO/manifests:${{ gitea.head_ref || gitea.ref_name }} \
             --path="./manifests.yaml" \
             --source="$(git config --get remote.origin.url)" \
             --revision="$(git rev-parse HEAD)" \
             $(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')
 
-          flux tag artifact oci://$OCI_REPO/manifests:latest \
+          flux tag artifact oci://$OCI_REPO/manifests:${{ gitea.head_ref || gitea.ref_name }} \
             $(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')

manifests/access-control-rule.yaml

@@ -0,0 +1,7 @@
+apiVersion: authelia.huizinga.dev/v1
+kind: AccessControlRule
+metadata:
+  name: tunnel
+spec:
+  domain: "*.tunnel.${domain}"
+  policy: one_factor

manifests/config-map-authelia-acl.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: authelia-acl
-  annotations:
-    config.huizinga.dev/fragment: authelia-acl
-data:
-  rules: |
-    - domain: "*.tunnel.${domain}"
-      policy: one_factor

manifests/deployment.yaml

@@ -17,6 +17,8 @@ spec:
       annotations:
         kubectl.kubernetes.io/default-container: siranga
     spec:
+      # Service links cause issues with the HTTP_PORT and SSH_PORT env variables
+      enableServiceLinks: false
       containers:
         - name: siranga
           image: git.huizinga.dev/dreaded_x/siranga@${DIGEST}

manifests/ingress-route.yaml

@@ -10,6 +10,6 @@ spec:
       kind: Rule
       services:
         - name: http
-          port: 3000
+          port: http
   tls:
     secretName: tunnel-tls

manifests/kustomization.yaml

@@ -9,4 +9,4 @@ resources:
   - ./service.yaml
   - ./certificate.yaml
   - ./ingress-route.yaml
-  - ./config-map-authelia-acl.yaml
+  - ./access-control-rule.yaml

manifests/service.yaml

@@ -4,9 +4,8 @@ metadata:
   name: http
 spec:
   ports:
-    - name: "3000"
+    - name: http
       port: 3000
-      targetPort: 3000
   selector:
     app: siranga
 ---
@@ -19,7 +18,7 @@ metadata:
 spec:
   type: LoadBalancer
   ports:
-    - name: "2222"
+    - name: ssh
       port: 22
       targetPort: 2222
   selector:

src/main.rs

@@ -24,11 +24,19 @@ async fn main() -> color_eyre::Result<()> {
 
     let env_filter = EnvFilter::try_from_default_env().or_else(|_| EnvFilter::try_new("info"))?;
 
-    let logger = tracing_subscriber::fmt::layer().compact();
+    if std::env::var("CARGO").is_ok() {
-    tracing_subscriber::Registry::default()
+        let logger = tracing_subscriber::fmt::layer().compact();
-        .with(logger)
+        tracing_subscriber::Registry::default()
-        .with(env_filter)
+            .with(logger)
-        .init();
+            .with(env_filter)
+            .init();
+    } else {
+        let logger = tracing_subscriber::fmt::layer().json();
+        tracing_subscriber::Registry::default()
+            .with(logger)
+            .with(env_filter)
+            .init();
+    }
 
     info!(
         "Starting {} ({})",
@@ -45,10 +53,10 @@ async fn main() -> color_eyre::Result<()> {
     };
 
     let http_port = std::env::var("HTTP_PORT")
-        .map(|port| port.parse())
+        .map(|port| port.parse().wrap_err_with(|| format!("HTTP_PORT={port}")))
         .unwrap_or(Ok(3000))?;
     let ssh_port = std::env::var("SSH_PORT")
-        .map(|port| port.parse())
+        .map(|port| port.parse().wrap_err_with(|| format!("SSH_PORT={port}")))
         .unwrap_or(Ok(2222))?;
 
     let domain =