From cdb7fbfe133f6356bd0ab5c1568375a47a5551d1 Mon Sep 17 00:00:00 2001
From: uttarayan21 <email@uttarayan.me>
Date: Wed, 30 Jul 2025 16:51:48 +0530
Subject: [PATCH] fix: Reorder authelia bypass policies

---
 nixos/mirai/services/authelia.nix |  8 ++++----
 nixos/mirai/services/gitea.nix    | 16 ++++++++++------
 nixos/mirai/services/seafile.nix  |  8 ++++----
 3 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/nixos/mirai/services/authelia.nix b/nixos/mirai/services/authelia.nix
index b18ffb4e..349749c3 100644
--- a/nixos/mirai/services/authelia.nix
+++ b/nixos/mirai/services/authelia.nix
@@ -44,10 +44,6 @@
             default_policy = "one_factor";
             rules = let
               bypass_api = domain: [
-                {
-                  domain = domain;
-                  policy = "one_factor";
-                }
                 {
                   domain = domain;
                   policy = "bypass";
@@ -55,6 +51,10 @@
                     "^/api([/?].*)?$"
                   ];
                 }
+                {
+                  domain = domain;
+                  policy = "one_factor";
+                }
               ];
             in
               (bypass_api "sonarr.tsuba.darksailor.dev")
diff --git a/nixos/mirai/services/gitea.nix b/nixos/mirai/services/gitea.nix
index 72dff9cf..926a0496 100644
--- a/nixos/mirai/services/gitea.nix
+++ b/nixos/mirai/services/gitea.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  lib,
+  config,
+  ...
+}: {
   virtualisation.docker.enable = true;
   sops = {
     # secrets."gitea/registration".owner = config.systemd.services.gitea-actions-mirai.serviceConfig.User;
@@ -33,7 +37,7 @@
     gitea-actions-runner = {
       instances = {
         mirai = {
-          enable = false;
+          enable = true;
           name = "mirai";
           url = "https://git.darksailor.dev";
           labels = [
@@ -57,10 +61,6 @@
         settings = {
           access_control = {
             rules = [
-              {
-                domain = "git.darksailor.dev";
-                policy = "one_factor";
-              }
               {
                 domain = "git.darksailor.dev";
                 policy = "bypass";
@@ -68,6 +68,10 @@
                   "^/api([/?].*)?$"
                 ];
               }
+              {
+                domain = "git.darksailor.dev";
+                policy = "one_factor";
+              }
             ];
           };
         };
diff --git a/nixos/mirai/services/seafile.nix b/nixos/mirai/services/seafile.nix
index b5a22937..d5621339 100644
--- a/nixos/mirai/services/seafile.nix
+++ b/nixos/mirai/services/seafile.nix
@@ -50,10 +50,6 @@
         settings = {
           access_control = {
             rules = [
-              {
-                domain = "cloud.darksailor.dev";
-                policy = "one_factor";
-              }
               {
                 domain = "cloud.darksailor.dev";
                 policy = "bypass";
@@ -61,6 +57,10 @@
                   "^/(api2|seafhttp)([/?].*)?$"
                 ];
               }
+              {
+                domain = "cloud.darksailor.dev";
+                policy = "one_factor";
+              }
             ];
           };
         };