fix warnings for flame

platforms/nixos/modules/nmasur/presets/programs/msmtp.nix

@@ -2,6 +2,7 @@
   config,
   pkgs,
   lib,
+  hostnames,
   ...
 }:
 
@@ -16,10 +17,12 @@ in
     host = lib.mkOption {
       type = lib.types.str;
       description = "Hostname for SMTP server";
+      default = hostnames.smtp;
     };
     domain = lib.mkOption {
       type = lib.types.str;
       description = "Domain name for SMTP email";
+      default = hostnames.mail;
     };
     user = lib.mkOption {
       type = lib.types.str;

platforms/nixos/modules/nmasur/presets/services/actualbudget.nix

@@ -41,7 +41,7 @@ in
       user = "${toString (builtins.toString config.users.users.actualbudget.uid)}";
       pull = "missing";
       privileged = false;
-      ports = [ "127.0.0.1:${builtins.toString config.services.actualbudget.port}:5006" ];
+      ports = [ "127.0.0.1:${builtins.toString cfg.port}:5006" ];
       networks = [ ];
       log-driver = "journald";
       labels = {
@@ -65,7 +65,7 @@ in
         handle = [
           {
             handler = "reverse_proxy";
-            upstreams = [ { dial = "localhost:${builtins.toString config.services.actualbudget.port}"; } ];
+            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
           }
         ];
       }

platforms/nixos/modules/nmasur/presets/services/grafana.nix

@@ -17,7 +17,7 @@ in
 
     # Allow Grafana to connect to email service
     secrets.mailpass-grafana = {
-      source = ../../../private/mailpass-grafana.age;
+      source = ../../../../../../private/mailpass-grafana.age;
       dest = "${config.secretsDirectory}/mailpass-grafana";
       owner = "grafana";
       group = "grafana";

platforms/nixos/modules/nmasur/presets/services/influxdb2.nix

@@ -33,7 +33,7 @@ in
 
     # Create credentials file for InfluxDB admin
     secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
-      source = ../../../private/influxdb2-password.age;
+      source = ../../../../../../private/influxdb2-password.age;
       dest = "${config.secretsDirectory}/influxdb2-password";
       owner = "influxdb2";
       group = "influxdb2";
@@ -44,7 +44,7 @@ in
       before = [ "influxdb2.service" ];
     };
     secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
-      source = ../../../private/influxdb2-token.age;
+      source = ../../../../../../private/influxdb2-token.age;
       dest = "${config.secretsDirectory}/influxdb2-token";
       owner = "influxdb2";
       group = "influxdb2";

platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix

@@ -55,7 +55,7 @@ in
           systemctl status $SERVICE_ID >> $TEMPFILE
           set -e
           ${lib.getExe pkgs.msmtp} \
-              --file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \
+              --file=${config.home-manager.users.${username}.xdg.configHome}/msmtp/config \
               --account=system \
               ${address} < $TEMPFILE
         '';

platforms/nixos/modules/nmasur/presets/services/paperless.nix

@@ -51,7 +51,7 @@ in
     services.cloudflare-dyndns.domains = [ hostnames.paperless ];
 
     secrets.paperless = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
       dest = "${config.secretsDirectory}/paperless";
       owner = "paperless";
       group = "paperless";

platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix

@@ -38,7 +38,7 @@ in
 
     # Create credentials file for remote Prometheus push
     secrets.prometheus = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
       dest = "${config.secretsDirectory}/prometheus";
       owner = "prometheus";
       group = "prometheus";

platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix

@@ -43,7 +43,7 @@ in
     };
 
     secrets.vaultwarden = {
-      source = ../../../private/vaultwarden.age;
+      source = ../../../../../../private/vaultwarden.age;
       dest = "${config.secretsDirectory}/vaultwarden";
       owner = "vaultwarden";
       group = "vaultwarden";
@@ -94,7 +94,9 @@ in
           {
             path = "${vaultwardenPath}/db.sqlite3";
             replicas = [
-              { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/vaultwarden"; }
+              {
+                url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/vaultwarden";
+              }
             ];
           }
         ];
@@ -119,7 +121,7 @@ in
     # Backup other Vaultwarden data to object storage
     systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
       description = "Backup Vaultwarden files";
-      environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
+      environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
       serviceConfig = {
         Type = "oneshot";
         User = "vaultwarden";
@@ -129,8 +131,8 @@ in
       script = ''
         ${pkgs.awscli2}/bin/aws s3 sync \
             ${vaultwardenPath}/ \
-            s3://${config.backup.s3.bucket}/vaultwarden/ \
-            --endpoint-url=https://${config.backup.s3.endpoint} \
+            s3://${config.nmasur.presets.services.litestream.s3.bucket}/vaultwarden/ \
+            --endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint} \
             --exclude "*db.sqlite3*" \
             --exclude ".db.sqlite3*"
       '';

platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix

@@ -71,7 +71,7 @@ in
     };
 
     secrets.vmauth = lib.mkIf config.services.victoriametrics.enable {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
       dest = "${config.secretsDirectory}/vmauth";
       prefix = "PASSWORD=";
     };

platforms/nixos/modules/nmasur/presets/services/vm-agent.nix

@@ -47,7 +47,7 @@ in
     };
 
     secrets.vmagent = {
-      source = ../../../private/prometheus.age;
+      source = ../../../../../../private/prometheus.age;
       dest = "${config.secretsDirectory}/vmagent";
     };
     systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {

platforms/nixos/modules/nmasur/settings.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, hostnames, ... }:
 
 {
   options.nmasur.settings = {
@@ -13,7 +13,7 @@
     hostnames = lib.mkOption {
       type = lib.types.attrsOf lib.types.str;
       description = "Map of service names to FQDNs";
-      default = { };
+      default = hostnames;
     };
   };
 }