From 307e8f23074d5b9bbe55d3ffb47528cebe6e119e Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Sun, 25 Jan 2026 15:24:13 +0100
Subject: [PATCH] feat: add redis for authelia session storage
---
 hosts/web-arm/modules/authelia.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/hosts/web-arm/modules/authelia.nix b/hosts/web-arm/modules/authelia.nix
index 6216b67..4f0d5d9 100644
--- a/hosts/web-arm/modules/authelia.nix
+++ b/hosts/web-arm/modules/authelia.nix
@@ -5,6 +5,21 @@ let
 system = pkgs.system;
 };
 in {
+ # Redis for Authelia session persistence
+ services.redis.servers.authelia = {
+ enable = true;
+ user = "authelia-main";
+ unixSocket = "/run/redis-authelia/redis.sock";
+ unixSocketPerm = 660;
+ settings = {
+ appendonly = "yes"; # Enable AOF persistence
+ appendfsync = "everysec"; # Sync every second
+ };
+ };
+
+ # Add authelia user to redis group for socket access
+ users.users.authelia-main.extraGroups = [ "redis-authelia" ];
+
 sops.secrets.authelia-jwt-secret = {
 owner = "authelia-main";
 };
@@ -106,6 +121,9 @@ in {
 inactivity = "45m";
 remember_me_duration = "1M";
 domain = "cloonar.com";
+ redis = {
+ host = "/run/redis-authelia/redis.sock";
+ };
 # todo: enable with 4.38
 # cookies = [
 # {
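Review bot: `user = "authelia-main"` runs the Redis instance under the same account as Authelia, so the session store shares an identity with the service whose secrets that account owns (the `sops.secrets.authelia-jwt-secret` context line has `owner = "authelia-main"`). That gives up the isolation a dedicated instance account would provide, and it probably makes `extraGroups = [ "redis-authelia" ]` redundant, since socket access would then no longer depend on group membership. I would drop the `user` line so the module's default instance account is used (presumably `redis-authelia`, matching the group named below) and let `unixSocketPerm = 660` plus the group membership grant Authelia access. If the override is deliberate, say why in a comment, e.g. `# runs as authelia-main because …`.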
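Review bot: The socket path `/run/redis-authelia/redis.sock` in `host` duplicates the literal set as `unixSocket` in the first hunk, so changing one later leaves Authelia pointing at a socket that no longer exists. Referencing the option keeps the two tied together: `host = config.services.redis.servers.authelia.unixSocket;` (assuming `config` is among this module's arguments, which the hunk does not show). No Redis password is configured, so access control rests entirely on the socket's mode and group; a short comment such as `# no auth: access is limited by socket permissions (660)` would make that explicit. The enclosing session block starts and ends outside the hunk.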