From 526e760eee54df4b1f80b0fed462e4d5d79a4e91 Mon Sep 17 00:00:00 2001
From: Lyes Saadi <dev@lyes.eu>
Date: Mon, 27 Oct 2025 17:08:50 +0100
Subject: [PATCH] Changes to komga and kanidm

---
 flake.lock                           |  36 +++++++++++++--------------
 hosts/piaf/default.nix               |   1 +
 hosts/zora/networking.nix            |   4 +--
 modules/desktop/networking.nix       |   8 +++---
 modules/server/link/client.nix       |  11 ++++++++
 modules/server/link/default.nix      |  11 +++-----
 secrets/zora/services/nayru-conf.age | Bin 992 -> 1042 bytes
 7 files changed, 40 insertions(+), 31 deletions(-)
 create mode 100644 modules/server/link/client.nix

diff --git a/flake.lock b/flake.lock
index 3e4bf7f..6399d42 100644
--- a/flake.lock
+++ b/flake.lock
@@ -173,11 +173,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760929667,
-        "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=",
+        "lastModified": 1761574406,
+        "narHash": "sha256-MoqeKxVuql6Bnj6CE/CG2CKcC0GJ2EgqYxUrYPRABdY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0",
+        "rev": "aa888ffc10cad3ab6595039342f97d524fd620bf",
         "type": "github"
       },
       "original": {
@@ -248,11 +248,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1760106635,
-        "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=",
+        "lastModified": 1760958188,
+        "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903",
+        "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
         "type": "github"
       },
       "original": {
@@ -296,11 +296,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1760862643,
-        "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
+        "lastModified": 1761468971,
+        "narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
+        "rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e",
         "type": "github"
       },
       "original": {
@@ -312,11 +312,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1760878510,
-        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
+        "lastModified": 1761373498,
+        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
+        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
         "type": "github"
       },
       "original": {
@@ -328,11 +328,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1760878510,
-        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
+        "lastModified": 1761373498,
+        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
+        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
         "type": "github"
       },
       "original": {
@@ -393,11 +393,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1760934351,
-        "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=",
+        "lastModified": 1761535208,
+        "narHash": "sha256-E1PobJMiFmVUX2YdqYk/MpKb0LXavOYvlg8DCBBzlHc=",
         "owner": "0xc000022070",
         "repo": "zen-browser-flake",
-        "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f",
+        "rev": "79a94872a3e6993a051c4e22a2dcb02c1d088acf",
         "type": "github"
       },
       "original": {
diff --git a/hosts/piaf/default.nix b/hosts/piaf/default.nix
index 94573a5..c92a4fe 100644
--- a/hosts/piaf/default.nix
+++ b/hosts/piaf/default.nix
@@ -16,6 +16,7 @@
       ../../modules/desktop/gaming
       ../../modules/desktop/gnome
       ../../modules/desktop/sway
+      ../../modules/server/link/client.nix
 
       nix-flatpak.nixosModules.nix-flatpak
       nixos-hardware.nixosModules.framework-16-7040-amd
diff --git a/hosts/zora/networking.nix b/hosts/zora/networking.nix
index 973bf33..0bfcbe9 100644
--- a/hosts/zora/networking.nix
+++ b/hosts/zora/networking.nix
@@ -12,8 +12,8 @@
     nameservers = [
       "9.9.9.9"
       "149.112.112.112"
-      "1.1.1.1#one.one.one.one"
-      "1.0.0.1#one.one.one.one"
+      "1.1.1.1"
+      "1.0.0.1"
     ];
 
     firewall = {
diff --git a/modules/desktop/networking.nix b/modules/desktop/networking.nix
index 5c5a567..07220d5 100644
--- a/modules/desktop/networking.nix
+++ b/modules/desktop/networking.nix
@@ -12,8 +12,8 @@
   networking.nameservers = [
     "9.9.9.9"
     "149.112.112.112"
-    "1.1.1.1#one.one.one.one"
-    "1.0.0.1#one.one.one.one"
+    "1.1.1.1"
+    "1.0.0.1"
     "2620:fe::fe"
     "2620:fe::9"
   ];
@@ -25,8 +25,8 @@
     fallbackDns = [
       "9.9.9.9"
       "149.112.112.112"
-      "1.1.1.1#one.one.one.one"
-      "1.0.0.1#one.one.one.one"
+      "1.1.1.1"
+      "1.0.0.1"
       "2620:fe::fe"
       "2620:fe::9"
     ];
diff --git a/modules/server/link/client.nix b/modules/server/link/client.nix
new file mode 100644
index 0000000..d96fee5
--- /dev/null
+++ b/modules/server/link/client.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+  services.kanidm = {
+    enableClient = true;
+
+    clientSettings = {
+      uri = "https://auth.lyes.eu";
+    };
+  };
+}
diff --git a/modules/server/link/default.nix b/modules/server/link/default.nix
index 2ea976c..a9164df 100644
--- a/modules/server/link/default.nix
+++ b/modules/server/link/default.nix
@@ -5,6 +5,10 @@ let
   port = "44300";
 in
 {
+  import = [
+    ./client.nix
+  ];
+
   users.users.kanidm.extraGroups = [ "nginx" ];
   services.kanidm = {
     package = pkgs.kanidmWithSecretProvisioning_1_7;
@@ -25,13 +29,6 @@ in
       };
     };
 
-    enableClient = true;
-
-    clientSettings = {
-      uri = "https://127.0.0.1:${port}";
-      verify_ca = false;
-    };
-
     provision = {
       enable = true;
       adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
diff --git a/secrets/zora/services/nayru-conf.age b/secrets/zora/services/nayru-conf.age
index a8ce77db445559bd0d3ae189dc175a7b1d7dfe42..0b61ae0f2c82490f845a72f1bae6487aad8e500f 100644
GIT binary patch
delta 1012
zcmaFBK8a(3PJMnsLAgh+t9w#do?E$vVWqZ*lSiSWkGa3LXSs8TNxqp|x`}CFQgBkb
z30ILtN@Y%!nR9MbURtD6Ri<NJl8JV5ML?lxnX7wHRC;MyWpZ(TT9Bo-FPE;JLUD11
zZfc5=si~o*LWo;ox@WqAQD$YXsc%$RrBjhfse4AMc6~^Aaj|ipnW<~AM@gh(nv1q}
zh?iT0S(U3VmyfY$XqBa-cSUwumbSZJa#m)EYidfKQB`J1UXX=Jcw$&iS&@FETbQRO
zm#(g^LQrZ|wwYN-KyF%LsYPT_V3BEfVp%{=inE1>ufB7Td3LHvRe7?0mPJY^SGd#q
zQ`OI$H`P0zeD&ywu+@$09s<WNKFTnxTzGW1<IOnj7@<pboj(<i`g{7NwaVvN7R}b*
zwyx_^e6Dzb@{D<hJ|6VHI_J+Vqs}cJ$E_V-TsZE&Q1mhT{~lSD|DV4v`|<N<V#|$f
zt$JTJa=pz@D{?FS-mkXp&4I4z3g;(COnmJv-fMcl@RFfRT)pd4G5=lf-LA<5FZ*qf
ztRHu0ZHTMR(Fq+V&N_dO%6@o7;@K6|8waGG%Nw8nG=IH+S(nnwp4EM+!rPx@PMGy*
zic9bBtG_><pCI}1{;6ddCQ1vIy-=O}<3jSH`swP;jnj{WI^4FcP4a!OW9+_HPDd?P
z_35IVl3UB}Ur4`w$CSBqbN$_Zm&79uGt*dDub8IJ5^1uS?eA&IS@CSyP1B#RRbz5v
zZ=DYLu=bR6ucA`fVz+%=`j6iR6pCN^u=3vGKYiLS*?YE&Na%NpywH>Q)F3hcsLk~~
z{EXMQZ#$>AoGFz)od5X8pPT$nHxEo`W4sz@vf9mF{^M5FJ%Sta-%k4XHM>5lKDRo2
zRiaDa14WIkmyBm$QhH^O+qIHQ^4s;N@zaGjg?`TK=5BT??@e~BjK9m_SR*Lpp4`kU
z|25(Mz9}Bdz8h*(E+{H5XOI()(-S<dRQl`5{hqmboc8tG=PwiXZSlBw<IvBH@8KJk
ztxx1-**c$hdYw;~^JfOpCk>fzTAdSiZLhztuV*i~uB4k!c9H1ftLl8~_st8tc+E?N
zAv0{J{)3vQ6Rx<Q$aisSZ~xo2=a9^#<k-H8VST!+vzN7*98xWNyXk7OwxxjcBF3!x
zkINIDE^(i~J#Vs{-=5U!qx~w6)^SLN-Q|3}e?gK;vF|%4yY-TyPhz%n%+Eje@oDz8
zotD3%azlS~O*$f!#%THCu=AT^vm=gb&AU;PyK%=Qd!}=*1oy<msyq2Jta2?C>Eu1J
z@3;!fEPI>K%Q3t&6I;8Eds)90S;IalWMx2S>}#=Sl`k)xbN&_e?v$Rv$KB5#P5Wok
VxNG|g@0U9Y|Ku8OeH<g$2>@9l)CB+l

delta 962
zcmbQl@qm4TPJN1ZNq~!im!C^`eojzQaEeKmS5cOarITr}vwLoGm|>)TX?SU7K~SDc
zIag3phF6q}wriDdp?QgCXlatGbGmk-kEdsGftOo~c3_lyVpM8&wyS=TCzr0BLUD11
zZfc5=si~o*LWo;ox@WqAM^RvSUS()@L0L+GyHR<Df4yU%TZ*MmRhWO4Uy7l2cw%yH
zVMKbqxp`1Am$^ZdN2NtbrHipkvVLN?yPs)^X;zVTs8On=r$t3(aEQLCg-?#9nNMXl
zm#(g^LZop>S%9~zPmX7ip+%{MdAWsKj%!eXYhrMAg>g`-QBaU`NN7N~W4V7e*W#Qn
zOTtAned|qrsd9FUSFP=+;-3&Lpq-pN{kQqW)&nzlMISh^Q1PO1Ps7Bc^R++Poqf4i
zOfmUwmDg<k;HT1-Ee09~`ku$1XD^(p;`h^MCAY-|mb+E6wLWqbSxO|Dy?MHO%GI6S
z8^X`GzSN0zdV6a@j^W}RVUyNfX<fF6>1;vPzx93J=ZE-itN(83<o2v~i5YthyQHb+
z-_wp~;{#4fRXmIStTbC~%9^gIgY%B+8=tY(zvQ_$D?{7rQ~sH^iuS9n{k5BKDr)=1
z^iuY2<N5^AW4>L=XP#U$l}Vne`J6K-?Wpx)#q*+>Z!i2)GWu{M*SYrZc4=RgXsv_u
zzWq+&RhoCHzpvm$8Gm8@=T9Hvq|83DwI0)zZx`2`+@|&ae_Jh+^_IttUt+E|38d}p
zsJgZ=M|b|ITGfNbO`o3VD^(qh*L=~)lba`O`NDFans;yTI#r!l?A=w0=N}bUvc+#Z
zy~Ip%rr*oO%MPBNrd}#9T4x_8zvALKk6qJ0&0Re0zVuZ&zvLsE=4^Uq+FO4nLifUk
zZK~0k?=6?K$1D-rX(ZBHFB38+?%-AV8(Fm<^?$7vt@(HVi&oKoLH=(&7g(Q2N&i*<
zy?@TUi?<{$&e(9sMD|Mv*T?m_ddbb7Pv*BbE%AMQF89)biSL!m<U~R@?>Ot@FSK*c
z&j0Mj!ta+`2~W{auNJ-NVdazRqxfJ#YW-|ISH6Qwcl{NKR_|7csO0>WKC!SvDnvg}
zPR`EaQMn7xT9Htd&mZf4_XI{?=m;=7KFMX#edQRoeXf%j0u--iZVQqPSi9lDzAldM
zMo+RPtkL6cGkL9T!Se58r^&aivHUiArv&F+SrEjN*&t!`{D+Euo7`-(hrtJS{rZ{}
zT&-@+%Xdzo@yZc3-K473EG4o=n<{#$H+A%7I($o>|IW=ho>AOZr7r58s7Z;`^9AdD
R<{kQ^`6YVtyo={Od;#VpsEq&s