From 2824e9ba44e73ed4a8498a1b06f95b19b5f23536 Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev <alex.lebedev2003@icloud.com>
Date: Sun, 7 Dec 2025 00:43:34 +0100
Subject: [PATCH] fix

---
 systems/x86_64-linux/stargate/default.nix     |  1 +
 .../x86_64-linux/stargate/services/ente.nix   | 46 ++++++++++---------
 2 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/systems/x86_64-linux/stargate/default.nix b/systems/x86_64-linux/stargate/default.nix
index 40c5cf6..4448017 100644
--- a/systems/x86_64-linux/stargate/default.nix
+++ b/systems/x86_64-linux/stargate/default.nix
@@ -112,6 +112,7 @@ in {
   custom.impermanence = enabled;
 
   environment.systemPackages = with pkgs; [
+    ente-cli
     tmux
     icloudpd
     immich-go
diff --git a/systems/x86_64-linux/stargate/services/ente.nix b/systems/x86_64-linux/stargate/services/ente.nix
index 44ec949..c7fa649 100644
--- a/systems/x86_64-linux/stargate/services/ente.nix
+++ b/systems/x86_64-linux/stargate/services/ente.nix
@@ -13,10 +13,11 @@ in
         enable = true;
     	# ente's config must match this region!
     	region = "us-east-1";
+	listenAddress = ":21939";
     # Please use a file, agenix or sops-nix to securely store your root user password!
     # MINIO_ROOT_USER=your_root_user
     # MINIO_ROOT_PASSWORD=a_randomly_generated_long_password
-    rootCredentialsFile = config.sops.secrets."services/minio".path;;
+    rootCredentialsFile = config.sops.secrets."services/minio".path;
   };
 
   systemd.services.minio.environment.MINIO_SERVER_URL = "https://s3.kylekrein.com";
@@ -24,8 +25,8 @@ in
   services.nginx = {
     virtualHosts."s3.kylekrein.com" = {
       forceSSL = true;
-      useACME = true;
-      locations."/".proxyPass = "http://localhost:9000";
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:21939";
       # determine max file upload size
       extraConfig = ''
         client_max_body_size 16G;
@@ -60,24 +61,27 @@ in
 		apps.cast = "https://cast.${domain}";
 		public-albums = "https://albums.${domain}";
 		s3 = {
-          use_path_style_urls = true;
-          b2-eu-cen = {
-            endpoint = "https://s3.kylekrein.com";
-            region = "us-east-1";
-            bucket = "ente";
-            key._secret = config.sops.secrets."services/ente/minio/user".path;
-            secret._secret = config.sops.secrets."services/ente/minio/password".path;
-          };
-        };
-        key = {
-          # generate with: openssl rand -base64 32
-          encryption._secret = config.sops.secrets."services/ente/encryption".path;
-          # generate with: openssl rand -base64 64
-          hash._secret = config.sops.secrets."services/ente/hash".path;
-        };
-        # generate with: openssl rand -base64 32
-        jwt.secret._secret = config.sops.secrets."services/ente/jwt".path;
-      };
+                    use_path_style_urls = true;
+          	    b2-eu-cen = {
+            	        endpoint = "https://s3.kylekrein.com";
+            		region = "us-east-1";
+            		bucket = "ente";
+            		key._secret = config.sops.secrets."services/ente/minio/user".path;
+            		secret._secret = config.sops.secrets."services/ente/minio/password".path;
+          	    };
+        	};
+        	key = {
+          	    # generate with: openssl rand -base64 32
+          	    encryption._secret = config.sops.secrets."services/ente/encryption".path;
+          	    # generate with: openssl rand -base64 64
+          	    hash._secret = config.sops.secrets."services/ente/hash".path;
+        	};
+        	# generate with: openssl rand -base64 32
+        	jwt.secret._secret = config.sops.secrets."services/ente/jwt".path;
+		internal = {
+		    admin = 1580559962386438;
+		    disable-registration = true;
+		};
 	    };
 	};
     };