fix(update-authelia): Use proper yq syntax since walk() does not exist like in jq

update-setup.sh

@@ -273,41 +273,41 @@ update_authelia_config() {
 
             # Update secrets in temp file if they existed in the backup
             if [[ -n "$existing_jwt_secret" && "$existing_jwt_secret" != '""' && "$existing_jwt_secret" != "null" ]]; then
-                yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' --env existing_jwt_secret="$existing_jwt_secret" "$TEMP_CONFIG"
+                existing_jwt_secret="$existing_jwt_secret" \
+                yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' "$TEMP_CONFIG"
             fi
+           
             if [[ -n "$existing_session_secret" && "$existing_session_secret" != '""' && "$existing_session_secret" != "null" ]]; then
-                yq e -i '.session.secret = strenv(existing_session_secret)' --env existing_session_secret="$existing_session_secret" "$TEMP_CONFIG"
+                existing_session_secret="$existing_session_secret" \
+                yq e -i '.session.secret = strenv(existing_session_secret)' "$TEMP_CONFIG"
             fi
+           
             if [[ -n "$existing_storage_key" && "$existing_storage_key" != '""' && "$existing_storage_key" != "null" ]]; then
-                yq e -i '.storage.encryption_key = strenv(existing_storage_key)' --env existing_storage_key="$existing_storage_key" "$TEMP_CONFIG"
+                existing_storage_key="$existing_storage_key" \
+                yq e -i '.storage.encryption_key = strenv(existing_storage_key)' "$TEMP_CONFIG"
             fi
+           
             if [[ -n "$existing_redis_pass" && "$existing_redis_pass" != '""' && "$existing_redis_pass" != "null" ]]; then
-                yq e -i '.session.redis.password = strenv(existing_redis_pass)' --env existing_redis_pass="$existing_redis_pass" "$TEMP_CONFIG"
+                existing_redis_pass="$existing_redis_pass" \
+                yq e -i '.session.redis.password = strenv(existing_redis_pass)' "$TEMP_CONFIG"
             fi
+           
             if [[ -n "$existing_notifier" && "$existing_notifier" != '""' && "$existing_notifier" != "null" ]]; then
-                yq e -i '.notifier = strenv(existing_notifier)' --env existing_notifier="$existing_notifier" "$TEMP_CONFIG"
+                existing_notifier="$existing_notifier" \
+                yq e -i '.notifier = strenv(existing_notifier)' "$TEMP_CONFIG"
             fi
         fi
 
         # Update domain settings from .env
         echo -e "${BLUE}Applying Tailscale domain settings...${NC}"
 
-        # Update domain in session section
+        # Replace placeholder full hostname - using proper yq syntax instead of walk()
-        yq e -i ".session.cookies[0].domain = \"${TAILNET_DOMAIN}\"" "$TEMP_CONFIG"
+        yq e -i "(.. | select(tag == \"!!str\" and . == \"tailscale-nas.your-tailnet.ts.net\")) = \"${FULL_HOSTNAME}\"" "$TEMP_CONFIG"
 
-        # Update domain in access_control (find wildcard domain rule and update it)
+        # Replace placeholder tailnet domain - using proper yq syntax instead of walk()
-        # This assumes there's a rule with a wildcard domain like "*.example.com"
+        yq e -i "(.. | select(tag == \"!!str\" and . == \"your-tailnet.ts.net\")) = \"${TAILNET_DOMAIN}\"" "$TEMP_CONFIG"
-        local domain_rule_index=$(yq e ".access_control.rules | map(.domain) | map(select(. == \"*.*\")) | indices" "$TEMP_CONFIG" | head -n 1 | tr -d '[]')
-        if [[ -n "$domain_rule_index" && "$domain_rule_index" != "null" ]]; then
-            yq e -i ".access_control.rules[$domain_rule_index].domain = \"${WILDCARD_DOMAIN}\"" "$TEMP_CONFIG"
-        fi
 
-        # Update authelia_url if it exists (it's a URL that must match cookie scope)
+        # Move temp file to final location
-        if yq e -e '.identity_validation.reset_password.authelia_url' "$TEMP_CONFIG" &>/dev/null; then
-            yq e -i ".identity_validation.reset_password.authelia_url = \"https://${FULL_HOSTNAME}\"" "$TEMP_CONFIG"
-        fi
-        
-        # Move the temp file to the final location
         mv "$TEMP_CONFIG" "$AUTHELIA_CONFIG"
 
         echo -e "${GREEN}Authelia configuration updated successfully!${NC}"
@@ -318,15 +318,14 @@ update_authelia_config() {
         # Create a new file from the example
         cp "$AUTHELIA_CONFIG_EXAMPLE" "$AUTHELIA_CONFIG.new"
 
-        # Update domain settings with sed (more fragile)
+        # Replace placeholders manually
-        sed -i "s/domain: \".*\"/domain: \"${TAILNET_DOMAIN}\"/" "$AUTHELIA_CONFIG.new"
+        sed -i "s|tailscale-nas\.your-tailnet\.ts\.net|${FULL_HOSTNAME}|g" "$AUTHELIA_CONFIG.new"
-        sed -i "s/domain: \"\\*\\..*\"/domain: \"${WILDCARD_DOMAIN}\"/" "$AUTHELIA_CONFIG.new"
+        sed -i "s|your-tailnet\.ts\.net|${TAILNET_DOMAIN}|g" "$AUTHELIA_CONFIG.new"
-        sed -i "s|authelia_url: \"https://.*\"|authelia_url: \"https://${FULL_HOSTNAME}\"|" "$AUTHELIA_CONFIG.new"
 
         # Move the new file to the final location
         mv "$AUTHELIA_CONFIG.new" "$AUTHELIA_CONFIG"
 
-        echo -e "${YELLOW}Authelia configuration updated with sed. Secret values might need to be manually transferred.${NC}"
+        echo -e "${YELLOW}Authelia configuration updated with sed.${NC}"
     fi
     
     echo -e "${GREEN}Authelia configuration update completed.${NC}"
@@ -334,7 +333,6 @@ update_authelia_config() {
     echo -e "${CYAN}  docker compose restart authelia${NC}"
 }
 
-
 ##################################################
 # PART 3: Update service configurations
 ##################################################