From f369128cb723bced611e295b3421c836f7bacfca Mon Sep 17 00:00:00 2001
From: mjallen18 <matt.l.jallen@gmail.com>
Date: Fri, 6 Mar 2026 10:02:19 -0600
Subject: [PATCH] auth

---
 .../homeassistant/services/homeassistant/default.nix  | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/nixos/homeassistant/services/homeassistant/default.nix b/modules/nixos/homeassistant/services/homeassistant/default.nix
index 333b507..75ab8e3 100644
--- a/modules/nixos/homeassistant/services/homeassistant/default.nix
+++ b/modules/nixos/homeassistant/services/homeassistant/default.nix
@@ -38,10 +38,13 @@ in
       templates = {
         "auth.yaml" = {
           content = ''
-            auth_oidc:
-              client_id: "${config.sops.placeholder."home-assistant/auth-client-id"}"
-              client_secret: "${config.sops.placeholder."home-assistant/auth-client-secret"}"
-              discovery_url: "https://authentik.mjallen.dev/application/o/home-assistant/.well-known/openid-configuration"
+            client_id: "${config.sops.placeholder."home-assistant/auth-client-id"}"
+            client_secret: "${config.sops.placeholder."home-assistant/auth-client-secret"}"
+            discovery_url: "https://authentik.mjallen.dev/application/o/home-assistant/.well-known/openid-configuration"
+            roles:
+              user: "non_existent"
+              admin: "hass-admin"
+            display_name: "Authentik"
           '';
           owner = config.users.users.hass.name;
           group = config.users.users.hass.group;