From 1276bcf19e2c5d86ce2ea0955e67346790ebb976 Mon Sep 17 00:00:00 2001 From: Noah Masur <7386960+nmasur@users.noreply.github.com> Date: Sat, 8 Mar 2025 01:31:42 +0000 Subject: [PATCH] fixes for flame server --- .../aarch64-linux/flame/default.nix | 17 ----------------- .../modules/nmasur/profiles/developer.nix | 2 +- .../modules/nmasur/profiles/experimental.nix | 2 +- .../modules/nmasur/profiles/linux-gaming.nix | 2 +- .../modules/nmasur/profiles/power-user.nix | 2 +- .../nix-darwin/modules/nmasur/profiles/base.nix | 4 ++-- .../modules/nmasur/profiles/extra.nix | 2 +- .../modules/nmasur/profiles/gaming.nix | 2 +- .../nmasur/presets/services/actualbudget.nix | 3 +++ .../modules/nmasur/presets/services/caddy.nix | 2 +- .../modules/nmasur/presets/services/restic.nix | 2 +- .../nixos/modules/nmasur/profiles/base.nix | 2 +- platforms/nixos/modules/nmasur/profiles/gui.nix | 4 ++-- .../nixos/modules/nmasur/profiles/server.nix | 5 ++++- 14 files changed, 20 insertions(+), 31 deletions(-) diff --git a/hosts-by-platform/aarch64-linux/flame/default.nix b/hosts-by-platform/aarch64-linux/flame/default.nix index e4a4627..d0039de 100644 --- a/hosts-by-platform/aarch64-linux/flame/default.nix +++ b/hosts-by-platform/aarch64-linux/flame/default.nix @@ -11,23 +11,6 @@ rec { nmasur.settings = { username = "noah"; fullName = "Noah Masur"; - # hostnames = - # let - # baseName = "masu.rs"; - # in - # { - # budget = "money.${baseName}"; - # git = "git.${baseName}"; - # influxdb = "influxdb.${baseName}"; - # irc = "irc.${baseName}"; - # metrics = "metrics.${baseName}"; - # minecraft = "minecraft.${baseName}"; - # n8n = "n8n.${baseName}"; - # notifications = "ntfy.${baseName}"; - # prometheus = "prom.${baseName}"; - # secrets = "vault.${baseName}"; - # status = "status.${baseName}"; - # }; }; nmasur.profiles = { diff --git a/platforms/home-manager/modules/nmasur/profiles/developer.nix b/platforms/home-manager/modules/nmasur/profiles/developer.nix index 17a8139..498cca1 100644 
--- a/platforms/home-manager/modules/nmasur/profiles/developer.nix +++ b/platforms/home-manager/modules/nmasur/profiles/developer.nix @@ -15,7 +15,7 @@ in config = lib.mkIf cfg.enable { - home.packages = lib.mkDefault [ + home.packages = [ pkgs.pgcli # Postgres client with autocomplete ]; diff --git a/platforms/home-manager/modules/nmasur/profiles/experimental.nix b/platforms/home-manager/modules/nmasur/profiles/experimental.nix index 62ca132..54e9265 100644 --- a/platforms/home-manager/modules/nmasur/profiles/experimental.nix +++ b/platforms/home-manager/modules/nmasur/profiles/experimental.nix @@ -15,7 +15,7 @@ in config = lib.mkIf cfg.enable { - home.packages = lib.mkDefault [ + home.packages = [ # Charm tools diff --git a/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix b/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix index e399edb..92dc55b 100644 --- a/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix +++ b/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix @@ -19,7 +19,7 @@ in wine.enable = lib.mkDefault true; }; - home.packages = lib.mkDefault [ + home.packages = [ pkgs.heroic ]; diff --git a/platforms/home-manager/modules/nmasur/profiles/power-user.nix b/platforms/home-manager/modules/nmasur/profiles/power-user.nix index 2a2bda8..fbad078 100644 --- a/platforms/home-manager/modules/nmasur/profiles/power-user.nix +++ b/platforms/home-manager/modules/nmasur/profiles/power-user.nix @@ -12,7 +12,7 @@ in options.nmasur.profiles.power-user.enable = lib.mkEnableOption "power user home-manager config"; config = lib.mkIf cfg.enable { - home.packages = lib.mkDefault [ + home.packages = [ pkgs.age # Encryption pkgs.bc # Calculator pkgs.delta # Fancy diffs diff --git a/platforms/nix-darwin/modules/nmasur/profiles/base.nix b/platforms/nix-darwin/modules/nmasur/profiles/base.nix index 774c52d..76175ea 100644 --- a/platforms/nix-darwin/modules/nmasur/profiles/base.nix 
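Review bot: The new `home.packages = [` in developer.nix drops `lib.mkDefault` with no comment saying why, and the same silent change recurs in experimental.nix, linux-gaming.nix, power-user.nix, the three nix-darwin profiles (`homebrew.brews` / `homebrew.casks`) and `environment.systemPackages` in gui.nix. For a list option, a `mkDefault` definition is discarded as soon as any module defines the option at normal priority, so the plain list is what lets these entries merge with other definitions; that is presumably the fix intended here. A short comment on at least one site, such as `# plain list so it merges; a mkDefault list is dropped by any normal-priority definition`, would keep the wrapper from being reintroduced. The trade-off worth recording is that a host can now remove an entry only with `lib.mkForce`.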
+++ b/platforms/nix-darwin/modules/nmasur/profiles/base.nix @@ -19,10 +19,10 @@ in homebrew = lib.mkDefault true; }; - homebrew.brews = lib.mkDefault [ + homebrew.brews = [ "trash" # Delete files and folders to trash instead of rm ]; - homebrew.casks = lib.mkDefault [ + homebrew.casks = [ "scroll-reverser" # Different scroll style for mouse vs. trackpad "notunes" # Don't launch Apple Music with the play button ]; diff --git a/platforms/nix-darwin/modules/nmasur/profiles/extra.nix b/platforms/nix-darwin/modules/nmasur/profiles/extra.nix index 756613f..a65c568 100644 --- a/platforms/nix-darwin/modules/nmasur/profiles/extra.nix +++ b/platforms/nix-darwin/modules/nmasur/profiles/extra.nix @@ -16,7 +16,7 @@ in nmasur.profiles.base.enable = lib.mkDefault true; - homebrew.casks = lib.mkDefault [ + homebrew.casks = [ "keybase" # GUI on Nix not available for macOS ]; diff --git a/platforms/nix-darwin/modules/nmasur/profiles/gaming.nix b/platforms/nix-darwin/modules/nmasur/profiles/gaming.nix index ef875aa..b5f244e 100644 --- a/platforms/nix-darwin/modules/nmasur/profiles/gaming.nix +++ b/platforms/nix-darwin/modules/nmasur/profiles/gaming.nix @@ -16,7 +16,7 @@ in nmasur.profiles.base.enable = lib.mkDefault true; - homebrew.casks = lib.mkDefault [ + homebrew.casks = [ "steam" # Not packaged for Nixon macOS "epic-games" # Not packaged for Nix ]; diff --git a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix index c0fe75d..96ecd20 100644 --- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix +++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix @@ -24,6 +24,9 @@ in virtualisation.podman.enable = true; + # Create a shared group for generic services + users.groups.shared = { }; + users.users.actualbudget = { isSystemUser = true; group = "shared"; 
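Review bot: The added `users.groups.shared = { };` in actualbudget.nix puts the service account in a group that the comment describes as shared by "generic services", so anything this service leaves group-readable or group-writable is reachable by every other account placed in `shared`. Unless the service really has to exchange files with others, a dedicated group is the least-privilege choice: `users.groups.actualbudget = { };` together with `group = "actualbudget";` on the user. If the shared group is intentional, it is better declared once in a common module than inside this preset, with a comment naming the services that join it and what they share. Whether other presets already use `shared` is not visible here, and the `users.users.actualbudget` block continues past the end of the hunk.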
diff --git a/platforms/nixos/modules/nmasur/presets/services/caddy.nix b/platforms/nixos/modules/nmasur/presets/services/caddy.nix index b2eef1e..880ba08 100644 --- a/platforms/nixos/modules/nmasur/presets/services/caddy.nix +++ b/platforms/nixos/modules/nmasur/presets/services/caddy.nix @@ -50,7 +50,7 @@ in config = lib.mkIf cfg.enable { # Force Caddy to 403 if not coming from allowlisted source - nmasur.presets.services.caddy.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ]; + nmasur.presets.services.caddy.cidrAllowlist = [ "127.0.0.1/32" ]; nmasur.presets.services.caddy.routes = lib.mkBefore [ { match = [ { not = [ { remote_ip.ranges = cfg.cidrAllowlist; } ]; } ]; diff --git a/platforms/nixos/modules/nmasur/presets/services/restic.nix b/platforms/nixos/modules/nmasur/presets/services/restic.nix index ae7c270..3f4b1b8 100644 --- a/platforms/nixos/modules/nmasur/presets/services/restic.nix +++ b/platforms/nixos/modules/nmasur/presets/services/restic.nix @@ -44,7 +44,7 @@ in services.restic.backups = { default = { - repository = "s3:${cfg.endpoint}/${cfg.s3.bucket}/restic"; + repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic"; paths = [ ]; environmentFile = config.secrets.restic-s3-creds.dest; passwordFile = config.secrets.restic.dest; diff --git a/platforms/nixos/modules/nmasur/profiles/base.nix b/platforms/nixos/modules/nmasur/profiles/base.nix index 64a407f..f887359 100644 --- a/platforms/nixos/modules/nmasur/profiles/base.nix +++ b/platforms/nixos/modules/nmasur/profiles/base.nix @@ -31,7 +31,7 @@ in # Create a home directory for human user isNormalUser = lib.mkDefault true; - extraGroups = lib.mkDefault [ + extraGroups = [ "wheel" # Sudo privileges ]; }; diff --git a/platforms/nixos/modules/nmasur/profiles/gui.nix b/platforms/nixos/modules/nmasur/profiles/gui.nix index f95089d..6ddfa8e 100644 --- a/platforms/nixos/modules/nmasur/profiles/gui.nix +++ b/platforms/nixos/modules/nmasur/profiles/gui.nix 
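Review bot: With `lib.mkDefault` removed in caddy.nix, `cidrAllowlist = [ "127.0.0.1/32" ]` is no longer a fallback but (assuming the option is a list type) is merged into every host's allowlist, so loopback is always exempt from the 403 route defined just below it. That matters if something on the host forwards external traffic to Caddy from localhost, such as a tunnel or another local proxy, because those requests would all match the allowlist; nothing in the hunk shows whether that applies here. The comment should state the new semantics, for example `# Loopback is always allowed; other modules append their ranges to this list`, and it is worth deciding whether `"::1/128"` belongs next to it so IPv6 loopback is treated the same way. The option declaration and the rest of the route are outside the hunk.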
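Review bot: In nixos/profiles/base.nix the main user's `extraGroups = [ "wheel" ]` is now unconditional for every host that enables the base profile, so a host that sets its own `extraGroups` no longer replaces it and sudo rights can only be dropped with `lib.mkForce`. This is presumably what lets the list merge with `[ "i2c" ]` from gui.nix, but for a privilege-granting group the behaviour should be written down where it is set, e.g. `"wheel" # Sudo privileges; always merged in, remove per host with lib.mkForce`. The enclosing `users.users` block starts outside the hunk, so which account this applies to on each host has to be confirmed there.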
@@ -21,7 +21,7 @@ in # Mouse customization services.ratbagd.enable = lib.mkDefault true; - environment.systemPackages = lib.mkDefault [ + environment.systemPackages = [ pkgs.libratbag # Mouse adjustments pkgs.piper # Mouse adjustments GUI pkgs.ddcutil # Monitor brightness control @@ -57,7 +57,7 @@ in users.users.${username} = { # Grant main user access to external monitors - extraGroups = lib.mkDefault [ "i2c" ]; + extraGroups = [ "i2c" ]; # Automatically create a password to start hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512); diff --git a/platforms/nixos/modules/nmasur/profiles/server.nix b/platforms/nixos/modules/nmasur/profiles/server.nix index 54979ab..7614cf1 100644 --- a/platforms/nixos/modules/nmasur/profiles/server.nix +++ b/platforms/nixos/modules/nmasur/profiles/server.nix @@ -16,7 +16,10 @@ in networking.firewall.allowPing = lib.mkDefault true; - nmasur.presets.services.openssh.enable = lib.mkDefault true; + nmasur.presets.services = { + openssh.enable = lib.mkDefault true; + restic.enable = lib.mkDefault true; + }; # Implement a simple fail2ban service for sshd services.sshguard.enable = lib.mkDefault true;
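Review bot: The account that receives `extraGroups = [ "i2c" ]` in the second gui.nix hunk, and `wheel` unconditionally in base.nix, still takes its default password from `lib.fileContents ../../../../../misc/password.sha512` two lines below, a hash that is stored in the repository and ends up in the world-readable Nix store. Anyone able to read either location can attempt offline guessing against a sudo-capable account, so this default needs at least a comment saying it must be overridden on real hosts. Preferably it moves to the secrets mechanism the restic preset already uses, e.g. `hashedPasswordFile = config.secrets.<password-secret>.dest;`, where `<password-secret>` is a placeholder for a secret this repository would have to define. The `hashedPassword` line is unchanged context, and the `users.users.${username}` block continues outside the hunk.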
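Review bot: `restic.enable = lib.mkDefault true;` in server.nix turns backups on for every host with the server profile, while the restic preset (see the restic.nix hunk) builds its repository from `cfg.s3.endpoint` and `cfg.s3.bucket`, reads `config.secrets.restic-s3-creds` and `config.secrets.restic`, and shows `paths = [ ]` in its context. A server that has not supplied those values will either fail to evaluate or run a backup job that covers nothing, and neither outcome is obvious from this profile. I would add a check in the restic preset along the lines of `assertions = [ { assertion = cfg.s3.endpoint != null && cfg.s3.bucket != null; message = "restic preset needs s3.endpoint and s3.bucket"; } ];` and a comment here listing what a host must provide. The option types and any existing checks are outside the visible hunks, so part of this may already be handled.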