broken 2

2025-10-05 10:02:39 +02:00
2 changed files with 18 additions and 19 deletions
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -1,5 +1,4 @@
-{ config, ... }:
-{
+{config, ...}: {
  server = {
    enable = true;
    email = "adam@cnst.dev";
@@ -44,10 +43,6 @@
    };
    jellyfin = {
      enable = true;
-      cloudflared = {
-        tunnelId = "234811e2-bc86-44b2-9abd-493686e25704";
-        credentialsFile = config.age.secrets.jellyfinCloudflared.path;
-      };
    };
    uptime-kuma = {
      enable = true;
@@ -94,7 +89,7 @@
      gluetun.enable = true;
      qbittorrent = {
        enable = true;
-        port = 8387;
+        port = 8080;
      };
      slskd = {
        enable = true;
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -4,13 +4,11 @@
  pkgs,
  self,
  ...
-}:
-let
+}: let
  unit = "authentik";
  cfg = config.server.${unit};
  srv = config.server;
-in
-{
+in {
  options.server.${unit} = {
    enable = lib.mkEnableOption {
      description = "Enable ${unit}";
@@ -55,9 +53,15 @@ in
    age.secrets = {
      authentikEnv = {
        file = "${self}/secrets/authentikEnv.age";
+        owner = "authentik";
+        group = "authentik";
+        mode = "0400";
      };
      authentikCloudflared = {
        file = "${self}/secrets/authentikCloudflared.age";
+        owner = "authentik";
+        group = "authentik";
+        mode = "0400";
      };
    };

@@ -106,14 +110,14 @@ in
                    "X-authentik-username"
                    "X-authentik-groups"
                    "X-authentik-email"
-                    # "X-authentik-name"
-                    # "X-authentik-uid"
+                    "X-authentik-name"
+                    "X-authentik-uid"
                    "X-authentik-jwt"
-                    # "X-authentik-meta-jwks"
-                    # "X-authentik-meta-outpost"
-                    # "X-authentik-meta-provider"
-                    # "X-authentik-meta-app"
-                    # "X-authentik-meta-version"
+                    "X-authentik-meta-jwks"
+                    "X-authentik-meta-outpost"
+                    "X-authentik-meta-provider"
+                    "X-authentik-meta-app"
+                    "X-authentik-meta-version"
                  ];
                  timeout = "10s";
                };
@@ -130,7 +134,7 @@ in

            routers = {
              auth = {
-                entryPoints = [ "websecure" ];
+                entryPoints = ["websecure"];
                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
                service = "auth";
                tls.certResolver = "letsencrypt";