fixes for flame server

2025-07-06 12:00:14 +00:00 · 2025-03-08 01:31:42 +00:00
parent dd95c94b6e
commit 1276bcf19e
14 changed files with 20 additions and 31 deletions
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@ -24,6 +24,9 @@ in

    virtualisation.podman.enable = true;

+    # Create a shared group for generic services
+    users.groups.shared = { };
+
    users.users.actualbudget = {
      isSystemUser = true;
      group = "shared";
--- a/platforms/nixos/modules/nmasur/presets/services/caddy.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/caddy.nix
@ -50,7 +50,7 @@ in
  config = lib.mkIf cfg.enable {

    # Force Caddy to 403 if not coming from allowlisted source
-    nmasur.presets.services.caddy.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
+    nmasur.presets.services.caddy.cidrAllowlist = [ "127.0.0.1/32" ];
    nmasur.presets.services.caddy.routes = lib.mkBefore [
      {
        match = [ { not = [ { remote_ip.ranges = cfg.cidrAllowlist; } ]; } ];
--- a/platforms/nixos/modules/nmasur/presets/services/restic.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/restic.nix
@ -44,7 +44,7 @@ in

    services.restic.backups = {
      default = {
-        repository = "s3:${cfg.endpoint}/${cfg.s3.bucket}/restic";
+        repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic";
        paths = [ ];
        environmentFile = config.secrets.restic-s3-creds.dest;
        passwordFile = config.secrets.restic.dest;