From c190e886c076a9e5b226f130a7cdaea0c3252140 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Thu, 11 Sep 2025 08:38:00 +0000
Subject: [PATCH] Add authelia consent duration
Signed-off-by: Nikolaos Karaolidis
---
 .../users/storm/configs/console/podman/gitea/default.nix | 1 +
 .../storm/configs/console/podman/grafana/default.nix | 1 +
 .../configs/console/podman/media/jellyfin/default.nix | 8 ++++----
 .../configs/console/podman/media/jellyseerr/default.nix | 8 ++++----
 .../storm/configs/console/podman/nextcloud/default.nix | 1 +
 .../storm/configs/console/podman/outline/default.nix | 1 +
 .../storm/configs/console/podman/vaultwarden/default.nix | 1 +
 7 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix b/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
index 10b8708..037e49e 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
@@ -191,6 +191,7 @@ in
 client_secret = hmConfig.sops.placeholder."gitea/authelia/digest";
 redirect_uris = [ "https://git.karaolidis.com/user/oauth2/authelia/callback" ];
 authorization_policy = "gitea";
+ pre_configured_consent_duration = "1 month";
 }
 ];
 };
diff --git a/hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix b/hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix
index cb742df..457c613 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix
@@ -32,6 +32,7 @@ in
 authorization_policy = "admin_one_factor";
 require_pkce = true;
 pkce_challenge_method = "S256";
+ pre_configured_consent_duration = "1 month";
 }
 ];
 }
diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix
index 5ea7f6f..68dab09 100644
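Review bot: The added `pre_configured_consent_duration = "1 month";` in this gitea client block is repeated as a bare literal in the grafana, jellyfin, jellyseerr, nextcloud, outline and vaultwarden hunks, with no comment on what it changes for users. Defining the duration once in a shared binding or module option and referencing it from each client would keep the consent policy in one reviewable place and make any per-client exception stand out. None of the hunks shows a `consent_mode`, so it is worth confirming that the clients run in a mode where this duration applies; a short comment such as `# remembered OIDC consent; applies in Authelia's pre-configured consent mode` would record the intent. The client block begins above the hunk.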
--- a/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix @@ -8,8 +8,7 @@ let hmConfig = config.home-manager.users.${user}; inherit (hmConfig.virtualisation.quadlet) volumes networks; - - jellyfinAutheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; + autheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; in { home-manager.users.${user} = { @@ -45,7 +44,7 @@ in clients = [ { - client_id = jellyfinAutheliaClientId; + client_id = autheliaClientId; client_name = "Jellyfin"; client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest"; redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ]; @@ -58,6 +57,7 @@ in "groups" ]; token_endpoint_auth_method = "client_secret_post"; + pre_configured_consent_duration = "1 month"; } ]; }; @@ -105,7 +105,7 @@ in "${volumes.jellyfin-log.ref}:/var/log/jellyfin" "${volumes.jellyfin-cache.ref}:/tmp/jellyfin" ]; - environments.JELLYFIN_OIDC_CLIENT_ID = jellyfinAutheliaClientId; + environments.JELLYFIN_OIDC_CLIENT_ID = autheliaClientId; environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ]; labels = [ "traefik.enable=true" diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/jellyseerr/default.nix b/hosts/jupiter/users/storm/configs/console/podman/media/jellyseerr/default.nix index 5514c77..65fe452 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/media/jellyseerr/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/media/jellyseerr/default.nix 
@@ -14,9 +14,8 @@ let hmConfig = config.home-manager.users.${user}; inherit (hmConfig.virtualisation.quadlet) containers volumes networks; - arrs = radarrs ++ sonarrs; - jellyseerrAutheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI"; + autheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI"; in { home-manager.users.${user} = { @@ -64,7 +63,7 @@ in slug = "authelia"; name = "Authelia"; issuerUrl = "https://id.karaolidis.com"; - clientId = jellyseerrAutheliaClientId; + clientId = autheliaClientId; clientSecret = hmConfig.sops.placeholder."jellyseerr/authelia/password"; scopes = lib.strings.concatStringsSep " " [ "openid" @@ -113,12 +112,13 @@ in clients = [ { - client_id = jellyseerrAutheliaClientId; + client_id = autheliaClientId; client_name = "jellyseerr"; client_secret = hmConfig.sops.placeholder."jellyseerr/authelia/digest"; redirect_uris = [ "https://request.karaolidis.com/login?provider=authelia&callback=true" ]; authorization_policy = "jellyseerr"; token_endpoint_auth_method = "client_secret_post"; + pre_configured_consent_duration = "1 month"; } ]; }; diff --git a/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix b/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix index 6fc8b85..d3e6014 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix @@ -137,6 +137,7 @@ in "groups" "is_admin" ]; + pre_configured_consent_duration = "1 month"; } ]; }; diff --git a/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix b/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix index 09fbade..e1e7063 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix 
@@ -65,6 +65,7 @@ in
 ];
 response_types = [ "code" ];
 token_endpoint_auth_method = "client_secret_post";
+ pre_configured_consent_duration = "1 month";
 }
 ];
 };
diff --git a/hosts/jupiter/users/storm/configs/console/podman/vaultwarden/default.nix b/hosts/jupiter/users/storm/configs/console/podman/vaultwarden/default.nix
index b0a9312..51cde82 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/vaultwarden/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/vaultwarden/default.nix
@@ -64,6 +64,7 @@ in
 "offline_access"
 ];
 response_types = [ "code" ];
+ pre_configured_consent_duration = "1 month";
 }
 ];
 };
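Review bot: The vaultwarden client receives the same one-month remembered consent as the media and wiki clients, although the context lines of this hunk show it requesting `offline_access`, which normally means refresh tokens for the password vault. A shorter window on this client, for example `pre_configured_consent_duration = "1 week";`, or leaving the setting off here, would keep an explicit consent prompt on the most sensitive relying party. If one month is intended, a comment stating that choice next to the line would help the next reviewer. How Authelia combines remembered consent with `offline_access` is not visible in this diff and should be confirmed against its documentation; the client block begins above the hunk.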