From 46d14838808052fc2bbc45f38db5e4b32625684e Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Fri, 15 Dec 2023 14:46:10 +0100
Subject: [PATCH] fix internet for guest network, changes to authelia
---
 hosts/fw.cloonar.com/modules/dhcp4.nix | 4 ++++
 hosts/fw.cloonar.com/modules/firewall.nix | 1 +
 .../modules/authelia/default.nix | 18 +-----------------
 3 files changed, 6 insertions(+), 17 deletions(-)
diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix
index 751b65e..2a8f87f 100644
--- a/hosts/fw.cloonar.com/modules/dhcp4.nix
+++ b/hosts/fw.cloonar.com/modules/dhcp4.nix
@@ -181,6 +181,10 @@
 name = "routers";
 data = "10.42.254.1";
 }
+ {
+ name = "domain-name-servers";
+ data = "9.9.9.9";
+ }
 ];
 }
 {
diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index d83d238..1654076 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -207,6 +207,7 @@
 "smart",
 "wg_cloonar",
 "podman*",
+ "guest",
 } oifname {
 "wan",
 } counter accept comment "Allow trusted LAN to WAN"
diff --git a/hosts/web-01.cloonar.com/modules/authelia/default.nix b/hosts/web-01.cloonar.com/modules/authelia/default.nix
index 40945fd..2f8bdc7 100644
--- a/hosts/web-01.cloonar.com/modules/authelia/default.nix
+++ b/hosts/web-01.cloonar.com/modules/authelia/default.nix
@@ -65,7 +65,7 @@
 users_filter = "(&({username_attribute}={input})(objectClass=person))";
 username_attribute = "mail";
 mail_attribute = "mail";
- display_name_attribute = "displayName";
+ display_name_attribute = "cn";
 additional_groups_dn = "OU=groups";
 groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
 group_name_attribute = "cn";
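Review bot: The dhcp4.nix hunk hands the 10.42.254.x pool a single upstream resolver, `data = "9.9.9.9";`, so name resolution for those clients fails whenever that one address is unreachable, and nothing in the file records why this subnet is pointed at an external resolver. If this is Kea option-data, the option accepts a comma-separated list, e.g. `data = "9.9.9.9, 149.112.112.112";`, and a one-line comment such as `# guest clients use an external resolver and never query internal DNS` (if that is the intent) would document the choice. The DHCP option is advisory only, so any DNS restriction meant for this network has to be enforced in the firewall rather than here. The enclosing subnet definition starts and ends outside the hunk.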
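Review bot: The firewall.nix hunk adds `"guest",` to the interface set of the rule commented "Allow trusted LAN to WAN", which places the guest network under a rule that is named and counted as trusted traffic. The comment becomes misleading, guest and trusted flows share one counter, and any later widening of this rule (an extra oifname entry, for example) would silently apply to guests too. A separate rule keeps the trust boundary visible and auditable: `iifname "guest" oifname "wan" counter accept comment "Allow guest to WAN"`. The rule as written accepts every protocol and port, so it is worth deciding explicitly whether guests need unrestricted egress; the rule itself begins outside the hunk.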
@@ -199,22 +199,6 @@
 ];
 userinfo_signing_algorithm = "none";
 }
- {
- id = "hv";
- description = "proxmox";
- secret = "$pbkdf2-sha512$310000$j5XK.Af8d3BImh/tzaffoA$//S88bs99FmA0I48w2V862cgyCl7vvLIfXh9LNaZJs69jjcTYdzcFRgca8Nt23.6EouVT8cv/92MLJqOEI6Gow";
- public = false;
- authorization_policy = "one_factor";
- redirect_uris = [ "https://hv.cloonar.com:8006" ];
- pre_configured_consent_duration = "1y";
- scopes = [
- "openid"
- "profile"
- "email"
- "groups"
- ];
- userinfo_signing_algorithm = "none";
- }
 {
 id = "grafana";
 description = "Grafana";