feat: add redis for authelia session storage

hosts/web-arm/modules/authelia.nix

@@ -5,6 +5,21 @@ let
     system = pkgs.system;
   };
 in {
+  # Redis for Authelia session persistence
+  services.redis.servers.authelia = {
+    enable = true;
+    user = "authelia-main";
+    unixSocket = "/run/redis-authelia/redis.sock";
+    unixSocketPerm = 660;
+    settings = {
+      appendonly = "yes"; # Enable AOF persistence
+      appendfsync = "everysec"; # Sync every second
+    };
+  };
+
+  # Add authelia user to redis group for socket access
+  users.users.authelia-main.extraGroups = [ "redis-authelia" ];
+
   sops.secrets.authelia-jwt-secret = {
     owner = "authelia-main";
   };
@@ -106,6 +121,9 @@ in {
         inactivity = "45m";
         remember_me_duration = "1M";
         domain = "cloonar.com";
+        redis = {
+          host = "/run/redis-authelia/redis.sock";
+        };
         # todo: enable with 4.38
         # cookies = [
         #   {