From 6bf856b70239f97c72564ce5a6b4f2e0cedb5ff6 Mon Sep 17 00:00:00 2001
From: soraefir <soraefir+git@helcel>
Date: Sun, 10 May 2026 22:21:02 +0200
Subject: [PATCH] WIP

---
 modules/server/containers/apps/nextcloud.nix           |  4 ++--
 .../server/containers/data/authentik/authentik.yaml    | 10 +++++-----
 modules/server/sops/server.yaml                        |  6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/server/containers/apps/nextcloud.nix b/modules/server/containers/apps/nextcloud.nix
index af6d385..5e01457 100644
--- a/modules/server/containers/apps/nextcloud.nix
+++ b/modules/server/containers/apps/nextcloud.nix
@@ -125,11 +125,11 @@ in {
         
         ${lib.optionalString (serverCfg.containers ? ethercalc) ''
         $OCC config:app:set ownpad ownpad_ethercalc_enable --value="yes"
-        $OCC config:app:set ownpad ownpad_ethercalc_host --value="https:\/\/${serverCfg.containers.ethercalc.subdomain}.${serverCfg.hostDomain}"
+        $OCC config:app:set ownpad ownpad_ethercalc_host --value="https://${serverCfg.containers.ethercalc.subdomain}.${serverCfg.hostDomain}"
         ''}
         ${lib.optionalString (serverCfg.containers ? etherpad) ''
         $OCC config:app:set ownpad ownpad_etherpad_enable --value="yes"
-        $OCC config:app:set ownpad ownpad_etherpad_host --value="https:\/\/${serverCfg.containers.etherpad.subdomain}.${serverCfg.hostDomain}"
+        $OCC config:app:set ownpad ownpad_etherpad_host --value="https://${serverCfg.containers.etherpad.subdomain}.${serverCfg.hostDomain}"
         ''}
         ${lib.optionalString (serverCfg.containers ? collabora) ''
         $OCC config:app:set richdocuments wopi_url --value="https://${serverCfg.containers.collabora.subdomain}.${serverCfg.hostDomain}/"
diff --git a/modules/server/containers/data/authentik/authentik.yaml b/modules/server/containers/data/authentik/authentik.yaml
index 81bf21f..35e969b 100644
--- a/modules/server/containers/data/authentik/authentik.yaml
+++ b/modules/server/containers/data/authentik/authentik.yaml
@@ -46,14 +46,14 @@ entries:
   # --- ADMIN USERS ---
   - model: authentik_core.user
     identifiers:
-      username: "{{ env('DEFAULT_ADMIN_USERNAME') }}"
+      username: !Env DEFAULT_ADMIN_USERNAME
     attrs:
-      name: "{{ env('DEFAULT_ADMIN_USERNAME') }}"
-      email: "{{ env('DEFAULT_ADMIN_USERNAME') }}@{{ env('DOMAIN') }}"
-      password: "{{ env('DEFAULT_ADMIN_PASSWORD') }}"
+      name: !Env DEFAULT_ADMIN_USERNAME
+      email: !Env DEFAULT_ADMIN_EMAIL
+      password: !Env DEFAULT_ADMIN_PASSWORD
       path: "users"
       groups:
-        - name: !Find [authentik_core.group, [name, "authentik Admins"]]
+        - !Find [authentik_core.group, [name, "authentik Admins"]]
 
   # Disable the Initial Setup Flow
   - model: authentik_flows.flow
diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml
index 4f76add..34eef05 100644
--- a/modules/server/sops/server.yaml
+++ b/modules/server/sops/server.yaml
@@ -1,4 +1,4 @@
-CUSTOM: ENC[AES256_GCM,data:PqkznntPxY6bbCZWfTubhmrg1VUoKAxk8g+VnjrTOEVDm05nnVVyd7yIoxwtk8AyZGi6xTpmTJGsxrVSdg==,iv:Qn7ml9LHoQk9W0/lVuFtkWdjqBUFDTsZcqbIKfZuvIM=,tag:kTiTQAFnmPkMB9ZQ3omCcA==,type:str]
+CUSTOM: ENC[AES256_GCM,data:OVhE99dmudlV31Re2/fyFurXnRSM3RjbdVDxYp6oF4kazaseISlI4QjgIyyUNEAjeAST17Prv/t5GdyTUvoUICoVKmhQdRv5xFeB7ngTCdi7XoYW1r6HIXwz9wOf/UvPWLafSxSM,iv:/ikpvHH5sLZpTnNABUFjZoVLS+tBZSUYIUxxdXMCCcc=,tag:mS9uW33M355KErY1rQtvqQ==,type:str]
 TRAEFIK: ENC[AES256_GCM,data:Ei+/OL7xwNaOEg3rSaz95N78nvp51lC63XCplNzeD+bBMGcK9G7HoyQxfpaJ7S0MkuMW0ZXT2nJ4GES40GoJCZIrnEiSBm2tpjDfNjlS/rFwxx0wVfM1nsEuBf3pL5dqiCNa9+Lad2Cd,iv:d1MH0ive+E8xuUK0CIOXZeEigHJKVGlFaq0iH4KSbZA=,tag:VTARuNeotr2I0+fdOk+iqA==,type:str]
 AUTHENTIK: ENC[AES256_GCM,data:dZ+Kf85ZjaZ82coYNeNOXe5zfD2M9rEeOB6jDNoaKmo3jMABhnha+iBvYJTI2NltkGzymPJQI+JV8F6GdT1l6cqcR8p0nNjQjS1BMk0rR7n8RCp6MazUTJuIjbEq6zEUrA4SXquw5gZDEp4FLo010PhoLaLinHg8OoqzjDsTxdcKevbQWmZeefDBrwXWpz6BlkRIQA3KazVb0w7l1jDTIkozUIWbvtvtk5ccGjzx3b+wCC36QYFcHHtPvFZwMDHzFPVBd90hWc/BwFfvCExONmH0S7GLFTp7I5NsBnWpT0AHUHHc5PlSR2dUy9H2DZ3IkORdNVzOaqESbYKymuWTQBDQuyI9IJdt4Cac0CV9i6p8rFXL6fQyQKZ9djHX8orpyCUeJXqFs8I6et+IzpTeZcmdv/76Q9tomBBi4k4PRMXpeff8Bn02bOSb7RSaj5NVeWxIhZkh3sEXUeva5/yrAYT30mrLpbwzWoCaKrPCPLIcFxvNrYxPUo6kVVz1jSlBurvcKefbreJGqA==,iv:Hj7aBfDLSqRBzueN8b9F9TutpjMESFloqrnirSmnH9U=,tag:1ikt1JvuhIZCx68nh/VzMA==,type:str]
 NEXTCLOUD: ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str]
@@ -24,8 +24,8 @@ sops:
             S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
             d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-10T19:12:54Z"
-    mac: ENC[AES256_GCM,data:8fTlz4gYNi2grMD7PcvmNDWvXUaVU0XXNKHaCZiYc4K8vIU8CwetMb0Xq4HkfS68uyxv+3GGMexHeNiCjhEMYyja4lLHbsrJ7ypqoyZcHHfvd1aY/tqYwI5LnOaEVNZI34XFrnKdShMyeMQECz/TM9fU7rYzAWUn0E67Z192i/M=,iv:0UvfOUj/tGHIx5OjL15Y5YlrFdYseqt3FRaf6PHxF00=,tag:yVaaFFD3AHwj2QnQwSrINw==,type:str]
+    lastmodified: "2026-05-10T20:20:49Z"
+    mac: ENC[AES256_GCM,data:dRjkmR9LdYak5D7vbXYhT3rD7T7tTEjYPLML3J4o/HyZrBxCoYM+IhMeiPkH9irjE1lRyjgBjSMMgbtttCs0r+UQeRyC74A0if0teZky88SRGVNRLezz53chwwVdvTbDMPNpLfWtscQUX9s6bntdXuCAde49DhsScaro0hF61W8=,iv:hE82qBEOpPlhYRBuOggUgWc9dLiDR1oXyDKodKSw4vs=,tag:M2cR1gq32hIvWjS8gEgvFw==,type:str]
     pgp:
         - created_at: "2026-05-05T23:46:27Z"
           enc: |-