broken 2

chore(revert): slowly introducing changes
feat(authentik): fixing some fail2ban things
2025-10-05 10:02:39 +02:00 · 2025-10-05 09:27:51 +02:00 · 2025-10-02 05:45:35 +02:00
5 changed files with 21 additions and 9 deletions
--- a/hosts/kima/modules.nix
+++ b/hosts/kima/modules.nix
@@ -216,7 +216,7 @@
        flags = "--performance";
      };
      tailscale = {
-        enable = true;
+        enable = false;
      };
      udisks = {
        enable = true;
--- a/hosts/sobotka/modules.nix
+++ b/hosts/sobotka/modules.nix
@@ -214,7 +214,7 @@
        flags = "--performance";
      };
      tailscale = {
-        enable = true;
+        enable = false;
      };
      udisks = {
        enable = true;
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -54,10 +54,14 @@ in {
      authentikEnv = {
        file = "${self}/secrets/authentikEnv.age";
        owner = "authentik";
+        group = "authentik";
+        mode = "0400";
      };
      authentikCloudflared = {
        file = "${self}/secrets/authentikCloudflared.age";
        owner = "authentik";
+        group = "authentik";
+        mode = "0400";
      };
    };

@@ -99,7 +103,7 @@ in {
            middlewares = {
              authentik = {
                forwardAuth = {
-                  tls.insecureSkipVerify = true;
+                  # tls.insecureSkipVerify = true;
                  address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
                  trustForwardHeader = true;
                  authResponseHeaders = [
@@ -115,6 +119,7 @@ in {
                    "X-authentik-meta-app"
                    "X-authentik-meta-version"
                  ];
+                  timeout = "10s";
                };
              };
            };
--- a/modules/server/www/default.nix
+++ b/modules/server/www/default.nix
@@ -4,11 +4,18 @@
  pkgs,
  self,
  ...
-}: let
-  inherit (lib) mkOption mkEnableOption mkIf types;
+}:
+let
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkIf
+    types
+    ;
  cfg = config.server.www;
  srv = config.server;
-in {
+in
+{
  options.server.www = {
    enable = mkEnableOption {
      description = "Enable personal website";
@@ -117,14 +124,14 @@ in {

    services.traefik.dynamicConfigOptions.http = {
      routers.webfinger = {
-        entryPoints = ["websecure"];
+        entryPoints = [ "websecure" ];
        rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
        service = "webfinger";
        tls.certResolver = "letsencrypt";
      };

      services.webfinger.loadBalancer.servers = [
-        {url = "http://127.0.0.1:8283";}
+        { url = "http://127.0.0.1:8283"; }
      ];
    };
  };
--- a/users/cnst/modules/kimamod.nix
+++ b/users/cnst/modules/kimamod.nix
@@ -11,7 +11,7 @@
        enable = true;
      };
      chromium = {
-        enable = true;
+        enable = false;
      };
      discord = {
        enable = true;
Author	SHA1	Message	Date
cnst	d53bf7546a	broken 2	2025-10-05 10:02:39 +02:00
cnst	c9edc99a85	chore(revert): slowly introducing changes	2025-10-05 09:27:51 +02:00
cnst	67e83e3e4e	feat(authentik): fixing some fail2ban things	2025-10-02 05:45:35 +02:00