From 5cd7f661c02560c5fa7d683153e9c5910804a528 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?= <admin@numbus.eu>
Date: Tue, 3 Mar 2026 14:38:25 +0100
Subject: [PATCH] Fixed passbolt error.

---
 modules/services/frigate.nix        | 4 ++--
 modules/services/gitea.nix          | 2 +-
 modules/services/home-assistant.nix | 2 +-
 modules/services/immich.nix         | 2 +-
 modules/services/nextcloud.nix      | 4 ++--
 modules/services/passbolt.nix       | 1 +
 modules/services/pi-hole.nix        | 2 +-
 7 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/modules/services/frigate.nix b/modules/services/frigate.nix
index c8ca2c4..1c4aca3 100644
--- a/modules/services/frigate.nix
+++ b/modules/services/frigate.nix
@@ -18,13 +18,13 @@ helper.mkPodmanService {
   pod = "home-assistant";
   defaultPort = "8971";
   scheme = "https";
-  dependencies = [ "traefik.service" "${config.numbus.services.dns}.service" "home-assistant.service" ];
   envFile = "/var/lib/numbus-server/home-assistant/.env";
+  dependencies = [ "traefik.service" "${config.numbus.services.dns}.service" "home-assistant.service" ];
+  middlewares = [ "secureHeaders" ];
   dirPermissions = [
     "1000:100 ${cfg.configDir}"
     "1000:100 ${cfg.dataDir}"
   ];
-  middlewares = [ "secureHeaders" ];
 
   extraOptions = {
     devices = mkOption {
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 36b04c8..52cd947 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -23,13 +23,13 @@ helper.mkPodmanService {
     DB_USERNAME = "xkcdpass -n 2 -d -";
     DB_PASSWORD = "xkcdpass -n 8 -d -";
   };
+  middlewares = [ "secureHeaders" ];
   dirPermissions = [
     "100999:100 ${cfg.configDir}"
     "100999:100 ${cfg.configDir}/data"
     "100999:100 ${cfg.configDir}/config"
     "100999:100 ${cfg.configDir}/database"
   ];
-  middlewares = [ "secureHeaders" ];
 
   composeText = ''
     services:
diff --git a/modules/services/home-assistant.nix b/modules/services/home-assistant.nix
index 423725d..68435e6 100644
--- a/modules/services/home-assistant.nix
+++ b/modules/services/home-assistant.nix
@@ -22,12 +22,12 @@ helper.mkPodmanService {
     HOME_ASSISTANT_MQTT_USER = "xkcdpass -n 2 -d -";
     HOME_ASSISTANT_MQTT_PASSWORD = "xkcdpass -n 8 -d -";
   };
+  middlewares = [ "secureHeaders" ];
   dirPermissions = [
     "1000:100 ${cfg.configDir}"
     "1000:100 ${cfg.configDir}/config"
     "100999:100 ${cfg.configDir}/mqtt"
   ];
-  middlewares = [ "secureHeaders" ];
 
 # Compose file good
   composeText = ''
diff --git a/modules/services/immich.nix b/modules/services/immich.nix
index e0a565a..b25a44d 100644
--- a/modules/services/immich.nix
+++ b/modules/services/immich.nix
@@ -31,6 +31,7 @@ helper.mkPodmanService {
     TZ = "${config.time.timeZone}";
     IMMICH_VERSION = "v2.5.6";
   };
+  middlewares = [ "immichSecureHeaders" ];
   dirPermissions = [
     "100999:100 ${cfg.configDir}"
     "100999:100 ${cfg.configDir}/redis"
@@ -40,7 +41,6 @@ helper.mkPodmanService {
     "100999:100 ${cfg.configDir}/database"
     "100999:100 ${cfg.dataDir}"
   ];
-  middlewares = [ "immichSecureHeaders" ];
 
 # Compose file good
   composeText = ''
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 9472d7a..8497fa5 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -29,6 +29,7 @@ helper.mkPodmanService {
     WHITEBOARD_PASSWORD = "xkcdpass -n 10 -d -";
     SMTP_PASSWORD = "cat ${config.numbus.mail.smtpPasswordPath}";
   };
+  middlewares = [ "secureHeaders" "nextcloud-dav" ];
   dirPermissions = [
     "100032:100 ${cfg.configDir}"
     "100032:100 ${cfg.configDir}/web"
@@ -40,7 +41,6 @@ helper.mkPodmanService {
     "100999:100 ${cfg.configDir}/onlyoffice/database"
     "100032:100 ${cfg.dataDir}"
   ];
-  middlewares = [ "secureHeaders" "nextcloud-dav" ];
 
 # Compose file good
   composeText = ''
@@ -122,7 +122,7 @@ helper.mkPodmanService {
           - NET_RAW
         command:
           - "--transaction-isolation=READ-COMMITTED"
-          -  "--binlog-format=ROW"
+          - "--binlog-format=ROW"
         restart: unless-stopped
       nextcloud-onlyoffice:
         container_name: nextcloud-onlyoffice
diff --git a/modules/services/passbolt.nix b/modules/services/passbolt.nix
index 2e642bc..beffdf6 100644
--- a/modules/services/passbolt.nix
+++ b/modules/services/passbolt.nix
@@ -25,6 +25,7 @@ helper.mkPodmanService {
     DB_PASSWORD = "xkcdpass -n 10 -d -";
     SMTP_PASSWORD = "cat ${config.numbus.mail.smtpPasswordPath}";
   };
+  middlewares = [ "secureHeaders" ];
   dirPermissions = [
     "100032:100 ${cfg.configDir}"
     "100032:100 ${cfg.configDir}/gpg"
diff --git a/modules/services/pi-hole.nix b/modules/services/pi-hole.nix
index 2a94433..20db63a 100644
--- a/modules/services/pi-hole.nix
+++ b/modules/services/pi-hole.nix
@@ -24,10 +24,10 @@ helper.mkPodmanService {
   generatedSecrets = {
     PIHOLE_PASSWORD = "xkcdpass -n 10 -d -";
   };
+  middlewares = [ "secureHeaders" ];
   dirPermissions = [
     "100999:100 ${cfg.configDir}"
   ];
-  middlewares = [ "secureHeaders" ];
 
 # Compose file good
   composeText = ''