From ce502e3d7be6b18a74edfb89aadbb872b525b280 Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev <alex.lebedev2003@icloud.com>
Date: Sun, 7 Dec 2025 00:55:30 +0100
Subject: [PATCH 1/2] fixed owner

---
 systems/x86_64-linux/stargate/services/ente.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/stargate/services/ente.nix b/systems/x86_64-linux/stargate/services/ente.nix
index c7fa649..1a25389 100644
--- a/systems/x86_64-linux/stargate/services/ente.nix
+++ b/systems/x86_64-linux/stargate/services/ente.nix
@@ -8,7 +8,7 @@ let
 domain = "ente.kylekrein.com";
 in
 {
-    sops.secrets."services/minio" = {};
+    sops.secrets."services/minio" = {owner = "minio";};
     services.minio = {
         enable = true;
     	# ente's config must match this region!

From bc8f7a990bd4ac1d613b6555cfc94967004af119 Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev <alex.lebedev2003@icloud.com>
Date: Sun, 7 Dec 2025 15:27:18 +0100
Subject: [PATCH 2/2] ente fix

---
 systems/x86_64-linux/stargate/services/ente.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/stargate/services/ente.nix b/systems/x86_64-linux/stargate/services/ente.nix
index 1a25389..5bbf22c 100644
--- a/systems/x86_64-linux/stargate/services/ente.nix
+++ b/systems/x86_64-linux/stargate/services/ente.nix
@@ -14,6 +14,7 @@ in
     	# ente's config must match this region!
     	region = "us-east-1";
 	listenAddress = ":21939";
+	consoleAddress = ":21940";
     # Please use a file, agenix or sops-nix to securely store your root user password!
     # MINIO_ROOT_USER=your_root_user
     # MINIO_ROOT_PASSWORD=a_randomly_generated_long_password
@@ -23,6 +24,11 @@ in
   systemd.services.minio.environment.MINIO_SERVER_URL = "https://s3.kylekrein.com";
 
   services.nginx = {
+   virtualHosts."web.s3.kylekrein.com" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:21940";
+    };
     virtualHosts."s3.kylekrein.com" = {
       forceSSL = true;
       enableACME = true;
@@ -61,8 +67,9 @@ in
 		apps.cast = "https://cast.${domain}";
 		public-albums = "https://albums.${domain}";
 		s3 = {
-                    use_path_style_urls = true;
           	    b2-eu-cen = {
+		        are_local_buckets = false;
+                    	use_path_style_urls = true;
             	        endpoint = "https://s3.kylekrein.com";
             		region = "us-east-1";
             		bucket = "ente";