I move the secrets file to be more consistent with the naming.
I removed parts of the postgres config that are no longer needed now that
the database is running locally.
The podman integration was pretty janky because it relied on running a
pod and the NixOS integration with pods is essentially non-existent.
This led to issues with the port being improperly forwarded when
partially restarted.
Now instead I use a flake dedicated to running authentik. This allows me
to specify some of the config in the module directly and some in
secrets, which is really nice. I've additionally added some changes to
the listen address so that the service isn't exposed over public IP
addresses.
I believe this is caused by having a number of virtual interfaces from
OCI containers and the system wants to see them all online before
considering networkd online.
This includes a new paradigm for using a pgpass file, which is great, as
well as sorting out how to properly do a bash script shebang in a
service file.
I'm going to spin up some dev resources to see if I can figure out how
to compile the latest. In the meantime, this is doing what I want and
is going to get deployed.
With these changes I have librechat running and being properly
reverse-proxied and I can log in via SSO. I was not able to get a
reasonable response yet from Claude.
I'm probably not going to use it, and prefer librechat instead.
I mostly gave up on it because I couldn't make heads-nor-tails of their
SSO settings. It just says "authelia=true" - that's not enough to
configure any SSO, even Authelia.
I probably misunderstand what Sillytavern fundamentally is.
Most things work on this commit, except the integration between
collabora and seafile. I think it might be related to the timezone
change I made and a lack of access_token being passed in the URL.
I'm going to test that with a reboot. But first, checkpoint!
We put it in the pod because I don't know how to make it accessible to
things in the pod without binding all host addresses. There's probably a
sophisticated way to do it correctly, but I don't want to figure it out
yet.