fixes for flame server

2025-07-05 22:00:14 +00:00 · 2025-03-08 01:31:42 +00:00
parent dd95c94b6e
commit 1276bcf19e
14 changed files with 20 additions and 31 deletions
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@ -24,6 +24,9 @@ in

    virtualisation.podman.enable = true;

+    # Create a shared group for generic services
+    users.groups.shared = { };
+
    users.users.actualbudget = {
      isSystemUser = true;
      group = "shared";
--- a/platforms/nixos/modules/nmasur/presets/services/caddy.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/caddy.nix
@ -50,7 +50,7 @@ in
  config = lib.mkIf cfg.enable {

    # Force Caddy to 403 if not coming from allowlisted source
-    nmasur.presets.services.caddy.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
+    nmasur.presets.services.caddy.cidrAllowlist = [ "127.0.0.1/32" ];
    nmasur.presets.services.caddy.routes = lib.mkBefore [
      {
        match = [ { not = [ { remote_ip.ranges = cfg.cidrAllowlist; } ]; } ];
--- a/platforms/nixos/modules/nmasur/presets/services/restic.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/restic.nix
@ -44,7 +44,7 @@ in

    services.restic.backups = {
      default = {
-        repository = "s3:${cfg.endpoint}/${cfg.s3.bucket}/restic";
+        repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic";
        paths = [ ];
        environmentFile = config.secrets.restic-s3-creds.dest;
        passwordFile = config.secrets.restic.dest;
--- a/platforms/nixos/modules/nmasur/profiles/base.nix
+++ b/platforms/nixos/modules/nmasur/profiles/base.nix
@ -31,7 +31,7 @@ in
      # Create a home directory for human user
      isNormalUser = lib.mkDefault true;

-      extraGroups = lib.mkDefault [
+      extraGroups = [
        "wheel" # Sudo privileges
      ];
    };
--- a/platforms/nixos/modules/nmasur/profiles/gui.nix
+++ b/platforms/nixos/modules/nmasur/profiles/gui.nix
@ -21,7 +21,7 @@ in
    # Mouse customization
    services.ratbagd.enable = lib.mkDefault true;

-    environment.systemPackages = lib.mkDefault [
+    environment.systemPackages = [
      pkgs.libratbag # Mouse adjustments
      pkgs.piper # Mouse adjustments GUI
      pkgs.ddcutil # Monitor brightness control
@ -57,7 +57,7 @@ in

    users.users.${username} = {
      # Grant main user access to external monitors
-      extraGroups = lib.mkDefault [ "i2c" ];
+      extraGroups = [ "i2c" ];

      # Automatically create a password to start
      hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);
--- a/platforms/nixos/modules/nmasur/profiles/server.nix
+++ b/platforms/nixos/modules/nmasur/profiles/server.nix
@ -16,7 +16,10 @@ in

    networking.firewall.allowPing = lib.mkDefault true;

-    nmasur.presets.services.openssh.enable = lib.mkDefault true;
+    nmasur.presets.services = {
+      openssh.enable = lib.mkDefault true;
+      restic.enable = lib.mkDefault true;
+    };

    # Implement a simple fail2ban service for sshd
    services.sshguard.enable = lib.mkDefault true;