hosts/plover: fix erroneous config values

configs/nixos/plover/default.nix

@@ -30,13 +30,11 @@
     monitoring.enable = true;
     reverse-proxy.enable = true;
     fail2ban.enable = true;
-
-    # The self-hosted services.
     grafana.enable = true;
   };
 
   # We're using our own VPN configuration for this one.
-  suites.vpn.enable = true;
+  suites.vpn.personal.enable = true;
 
   state.network = rec {
     ipv4 = "135.181.26.192";
@@ -115,8 +113,5 @@
     type = "ed25519";
   }];
 
-  # Make Nix experimental.
+  system.stateVersion = "24.11";
-  nix.package = pkgs.nixUnstable;
-
-  system.stateVersion = "23.05";
 }

configs/nixos/plover/modules/services/dns-server/default.nix

@@ -13,13 +13,13 @@ let
   getZoneFile = domain: "${zonesDir}/${domain}.zone";
 
   zonefile = pkgs.substituteAll {
-    src = ../setups/dns/zones/${domain}.zone;
+    src = ./zones/${domain}.zone;
     ploverWANIPv4 = config.state.network.ipv4;
     ploverWANIPv6 = config.state.network.ipv6;
   };
 
   fqdnZone = pkgs.substituteAll {
-    src = ../setups/dns/zones/${fqdn}.zone;
+    src = ./zones/${fqdn}.zone;
     ploverWANIPv4 = config.state.network.ipv4;
     ploverWANIPv6 = config.state.network.ipv6;
   };
@@ -280,7 +280,7 @@ in
       security.dhparams.params.bind.bits = 4096;
     }
 
-    (lib.mkIf hostCfg.setups.monitoring.enable {
+    (lib.mkIf hostCfg.services.monitoring.enable {
       state.ports.bindStatistics.value = 9423;
 
       services.bind.extraConfig = ''

configs/nixos/plover/modules/services/gitea.nix

@@ -153,12 +153,11 @@ in
       # the PostgreSQL documentation at
       # https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS.
       services.postgresql = {
-        ensureUsers = [{
+        ensureDatabases = [ config.services.gitea.user ];
+        ensureUsers = lib.singleton {
           name = config.services.gitea.user;
-          ensurePermissions = {
+          ensureDBOwnership = true;
-            "SCHEMA ${config.services.gitea.user}" = "ALL PRIVILEGES";
         };
-        }];
       };
 
       # Setting up Gitea for PostgreSQL secure schema usage.

configs/nixos/plover/modules/services/grafana.nix

@@ -155,13 +155,10 @@ in
       # Setting up PostgreSQL with secure schema.
       services.postgresql = {
         ensureDatabases = [ grafanaDatabaseName ];
-        ensureUsers = [{
+        ensureUsers = lib.singleton {
           name = grafanaDatabaseName;
-          ensurePermissions = {
+          ensureDBOwnership = true;
-            "DATABASE ${grafanaDatabaseName}" = "ALL PRIVILEGES";
-            "SCHEMA ${grafanaDatabaseUser}" = "ALL PRIVILEGES";
         };
-        }];
       };
     })
 

configs/nixos/plover/modules/services/idm.nix

@@ -9,7 +9,7 @@ let
 
   certsDir = config.security.acme.certs."${authDomain}".directory;
 
-  backupsDir = "/var/lib/kanidm/backups";
+  backupsDir = "${config.state.paths.dataDir}/kanidm/backups";
 in
 {
   options.hosts.plover.services.idm.enable = lib.mkEnableOption "preferred IDM server";

configs/nixos/plover/modules/services/vaultwarden.nix

@@ -120,13 +120,10 @@ in
 
       services.postgresql = {
         ensureDatabases = [ vaultwardenDbName ];
-        ensureUsers = [{
+        ensureUsers = lib.singleton {
           name = vaultwardenUser;
-          ensurePermissions = {
+          ensureDBOwnership = true;
-            "DATABASE ${vaultwardenDbName}" = "ALL PRIVILEGES";
-            "SCHEMA ${vaultwardenDbName}" = "ALL PRIVILEGES";
         };
-        }];
       };
 
       systemd.services.vaultwarden = {