From dae4806d587b4dd3c66415606d385ca1846f06d2 Mon Sep 17 00:00:00 2001
From: foehammer127 <foehammer@disroot.org>
Date: Thu, 5 Jun 2025 18:00:38 -0500
Subject: [PATCH] Fix authelia urls.

---
 common/services/authelia.nix               | 15 ++++++++++++++-
 machines/lebesgue/config/configuration.nix |  3 ++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/common/services/authelia.nix b/common/services/authelia.nix
index 44db4f9..71e3d56 100644
--- a/common/services/authelia.nix
+++ b/common/services/authelia.nix
@@ -16,6 +16,13 @@ in {
       '';
     };
 
+    url = mkOption {
+      type = types.str;
+      description = ''
+        Authelia's url.
+      '';
+    };
+
     userDbFile = mkOption {
       type = types.path;
     };
@@ -122,7 +129,7 @@ in {
         session.cookies = [
           {
             domain = cfg.domain;
-            authelia_url = "https://${cfg.domain}";
+            authelia_url = cfg.url;
           }
         ];
 
@@ -138,6 +145,12 @@ in {
           };
         };
 
+        server.endpoints.authz = {
+          forward-auth = {
+            implementation = "ForwardAuth";
+          };
+        };
+
         storage.local = {
           path = "/var/lib/authelia-main/db.sqlite3";
         };
diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix
index f54182f..78047bb 100644
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@@ -19,7 +19,8 @@
 
     services.authelia = {
       enable = true;
-      domain = "auth.foehammer.me";
+      domain = "foehammer.me";
+      url = "https://auth.foehammer.me";
       jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
 
       userDbFile = config.sops.secrets.authelia-users.path;