feat: many changes

hosts/web-arm/modules/authelia/default.nix

@@ -177,7 +177,7 @@ in {
               public = false;
               authorization_policy = "one_factor";
               redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ];
-              pre_configured_consent_duration = "1y";
+              consent_mode = "implicit";
               scopes = [
                 "openid"
                 "profile"
@@ -194,7 +194,7 @@ in {
               redirect_uris = [ 
                 "https://nextcloud.cloonar.com/apps/oidc_login/oidc"
               ];
-              pre_configured_consent_duration = "1y";
+              consent_mode = "implicit";
               scopes = [
                 "openid"
                 "profile"
@@ -210,7 +210,7 @@ in {
               public = false;
               authorization_policy = "one_factor";
               redirect_uris = [ "https://grafana.cloonar.com/login/generic_oauth" ];
-              pre_configured_consent_duration = "1y";
+              consent_mode = "implicit";
               scopes = [
                 "openid"
                 "profile"
@@ -226,7 +226,7 @@ in {
               public = false;
               authorization_policy = "one_factor";
               redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
-              pre_configured_consent_duration = "1y";
+              consent_mode = "implicit";
               token_endpoint_auth_method = "client_secret_post";
               scopes = [
                 "openid"

hosts/web-arm/modules/grafana/default.nix

@@ -28,13 +28,12 @@ let
 in
 {
   imports = [
-    # Individual alert files removed, now handled by alerting/system/default.nix
-    ./alerting/system/default.nix # Added: Imports the consolidated system alerts module
-    ./alerting/service/default.nix # Added: Imports the new service alerts module
-    ./alerting/websites/default.nix # Added: Imports the new websites alerts module
-    # ... other rule files can be added here ...
+    ./alerting/system/default.nix
+    ./alerting/service/default.nix
+    ./alerting/websites/default.nix
+
     ./datasources/victoriametrics.nix
-    ./datasources/loki.nix # Add Loki datasource
+    ./datasources/loki.nix
   ];
 
   systemd.services.grafana.script = lib.mkBefore ''
@@ -97,15 +96,15 @@ in
     };
     provision = {
       alerting = {
-        rules.settings.groups = lib.mkMerge []; # Allows rule groups to be merged (including the one from system/default.nix)
+        rules.settings.groups = lib.mkMerge [];
         contactPoints = {
           settings = {
-            apiVersion = 1; # As per Grafana provisioning API
+            apiVersion = 1;
             contactPoints = [{
               orgId = 1;
               name = "cp_dominik";
               receivers = [{
-                uid = "dominik_pushover_cp_receiver"; # Made UID even more specific
+                uid = "dominik_pushover_cp_receiver";
                 type = "pushover";
                 settings = {
                   apiToken = "\${PUSHOVER_API_TOKEN}";
@@ -125,49 +124,16 @@ in
           };
         };
 
-        policies = { # Corrected from notificationPolicies to policies
+        policies = {
           settings = {
-            apiVersion = 1; # As per Grafana provisioning API
-
-            # Grafana's new unified alerting expects a single policy tree per org.
-            # For OrgID 1 (default), this defines the root of that tree.
-            # The NixOS module should translate this into the correct YAML structure.
-            # The `policies` attribute within `settings` usually takes a list of policy trees.
-            # For a single default organization, we define one policy tree.
-            # Grafana's own YAML examples show a top-level 'route' for the default policy,
-            # or a list under 'policies' if you're managing multiple policy sets (less common for basic setup).
-            # Given the NixOS option `services.grafana.provision.alerting.policies.settings.policies`,
-            # it's likely expecting a list here.
-            policies = [{ # This outer list corresponds to the `policies` option
-              # orgId = 1; # Usually implicit for the default policy file, but can be specified
-              receiver = "cp_dominik"; # This sets the default receiver for the root route
-
-              # The actual routing tree starts here.
-              # For a simple setup where all alerts go to one receiver,
-              # just setting the top-level 'receiver' is often enough.
-              # If more complex routing is needed, 'routes' would be defined here.
-              # Example:
-              # route = {
-              #   receiver = "cp_dominik";
-              #   group_by = [ "alertname", "job" ];
-              #   # ... other root route settings
-              #   routes = [
-              #     {
-              #       matcher_re = { severity = "critical" };
-              #       receiver = "critical_alerts_receiver"; # Another contact point
-              #       continue = false;
-              #     },
-              #     # ... other specific routes
-              #   ];
-              # };
-              # For the simplest case, just defining the receiver at this level should work
-              # as the root policy for the default organization.
+            apiVersion = 1;
+            policies = [{
+              receiver = "cp_dominik";
             }];
-            # resetPolicies = false; # Default, set to true to remove existing policies not in this config.
           };
         };
       };
-      datasources.settings.datasources = lib.mkMerge []; # Allows datasources to be merged
+      datasources.settings.datasources = lib.mkMerge [];
     };
   };