Merge branch 'main' into working

working 1
2025-10-05 10:21:16 +02:00 · 2025-10-05 10:11:40 +02:00
6 changed files with 23 additions and 36 deletions
--- a/hosts/kima/modules.nix
+++ b/hosts/kima/modules.nix
@@ -216,7 +216,7 @@
        flags = "--performance";
      };
      tailscale = {
-        enable = false;
+        enable = true;
      };
      udisks = {
        enable = true;
--- a/hosts/sobotka/modules.nix
+++ b/hosts/sobotka/modules.nix
@@ -214,7 +214,7 @@
        flags = "--performance";
      };
      tailscale = {
-        enable = false;
+        enable = true;
      };
      udisks = {
        enable = true;
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -1,5 +1,4 @@
-{ config, ... }:
-{
+{config, ...}: {
  server = {
    enable = true;
    email = "adam@cnst.dev";
@@ -44,10 +43,6 @@
    };
    jellyfin = {
      enable = true;
-      cloudflared = {
-        tunnelId = "234811e2-bc86-44b2-9abd-493686e25704";
-        credentialsFile = config.age.secrets.jellyfinCloudflared.path;
-      };
    };
    uptime-kuma = {
      enable = true;
@@ -94,7 +89,7 @@
      gluetun.enable = true;
      qbittorrent = {
        enable = true;
-        port = 8387;
+        port = 8080;
      };
      slskd = {
        enable = true;
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -4,13 +4,11 @@
  pkgs,
  self,
  ...
-}:
-let
+}: let
  unit = "authentik";
  cfg = config.server.${unit};
  srv = config.server;
-in
-{
+in {
  options.server.${unit} = {
    enable = lib.mkEnableOption {
      description = "Enable ${unit}";
@@ -55,9 +53,11 @@ in
    age.secrets = {
      authentikEnv = {
        file = "${self}/secrets/authentikEnv.age";
+        owner = "authentik";
      };
      authentikCloudflared = {
        file = "${self}/secrets/authentikCloudflared.age";
+        owner = "authentik";
      };
    };

@@ -99,23 +99,22 @@ in
            middlewares = {
              authentik = {
                forwardAuth = {
-                  # tls.insecureSkipVerify = true;
+                  tls.insecureSkipVerify = true;
                  address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
                  trustForwardHeader = true;
                  authResponseHeaders = [
                    "X-authentik-username"
                    "X-authentik-groups"
                    "X-authentik-email"
-                    # "X-authentik-name"
-                    # "X-authentik-uid"
+                    "X-authentik-name"
+                    "X-authentik-uid"
                    "X-authentik-jwt"
-                    # "X-authentik-meta-jwks"
-                    # "X-authentik-meta-outpost"
-                    # "X-authentik-meta-provider"
-                    # "X-authentik-meta-app"
-                    # "X-authentik-meta-version"
+                    "X-authentik-meta-jwks"
+                    "X-authentik-meta-outpost"
+                    "X-authentik-meta-provider"
+                    "X-authentik-meta-app"
+                    "X-authentik-meta-version"
                  ];
-                  timeout = "10s";
                };
              };
            };
--- a/modules/server/www/default.nix
+++ b/modules/server/www/default.nix
@@ -4,18 +4,11 @@
  pkgs,
  self,
  ...
-}:
-let
-  inherit (lib)
-    mkOption
-    mkEnableOption
-    mkIf
-    types
-    ;
+}: let
+  inherit (lib) mkOption mkEnableOption mkIf types;
  cfg = config.server.www;
  srv = config.server;
-in
-{
+in {
  options.server.www = {
    enable = mkEnableOption {
      description = "Enable personal website";
--- a/users/cnst/modules/kimamod.nix
+++ b/users/cnst/modules/kimamod.nix
@@ -11,7 +11,7 @@
        enable = true;
      };
      chromium = {
-        enable = false;
+        enable = true;
      };
      discord = {
        enable = true;
Author	SHA1	Message	Date
cnst	1d5bc22274	Merge branch 'main' into working	2025-10-05 10:21:16 +02:00
cnst	f2386a851e	working 1	2025-10-05 10:11:40 +02:00