The podman integration was pretty janky because it relied on running a
pod and the NixOS integration with pods are essentially non-existent.
This led to issues with the port being improperly forwarded when
partially restarted.
Now instead I use a flake dedicated to running authentik. This allows me
to specify some of the config in the module directly and some in
secrets, which is really nice. I've additionally added some changes to
the listen address so that the service isn't exposed over public IP
addresses.
I believe this is caused by having a number of virtual interfaces from
OCI containers and the system wants to see them all online before
considering networkd online
This includes a new paradigm for using a pgpass file, which is great, as
well as sorting out how to properly do a bash script shebang in a
service file.
I'm going to spin up some dev resources to see if I can figure out how
to compile the latest. In the mean time, this is doing what I want and
is going to get deployed.
With these changes I have librechat running and being properly
reverse-proxied and I can login via SSO. I was not able to get a
reasonable response yet from Claude.
I'm probably not going to use it, and prefer librechat instead.
I mostly gave up on it because I couldn't make heads-nor-tails of their
SSO settings. It just says "authelia=true" - that's not enough to
configure any SSO, even Authelia.
I probably misunderstand what Sillytavern fundamentally is.
The 'user' config was only used by this fish module, and became silly
as soon as I had to duplicate it to the git module. Instead I set it
once in the home config and reference it.
In addition this change includes enabling the fish shell. This makes it
possible to do things like set session variables, which I'll do in the
next commit.
Most things work on this commit, except the integration between
collabora and seafile. I think it might be related to the timezone
change I made and a lack of access_token being passed in the URL.
I'm going to test that with a reboot. But first, checkpoint!
