diff --git a/hosts/modules/minimal.nix b/hosts/modules/minimal.nix
index 10713bf..bb8570f 100644
--- a/hosts/modules/minimal.nix
+++ b/hosts/modules/minimal.nix
@@ -6,7 +6,7 @@
       enable = true;
       extraRules = [
         {
-          users = [ "wheel" ];
+          groups = [ "wheel" ];
           keepEnv = true;
           persist = true;
         }
diff --git a/hosts/remilia/networking.nix b/hosts/remilia/networking.nix
index 952946f..6b1c240 100644
--- a/hosts/remilia/networking.nix
+++ b/hosts/remilia/networking.nix
@@ -17,8 +17,8 @@
             let
               t = lib.splitString ":" x.destination;
             in
-            with builtins;
-            "iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${head (tail t)} -j MASQUERADE"
+            with lib;
+            "iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
           )
           config.networking.nat.forwardPorts;
       };
diff --git a/hosts/remilia/services.nix b/hosts/remilia/services.nix
index a22de11..189f9a0 100644
--- a/hosts/remilia/services.nix
+++ b/hosts/remilia/services.nix
@@ -4,6 +4,7 @@ let
 in
 {
   services = {
+    cron.enable = true;
     openssh = {
       enable = true;
       permitRootLogin = "yes";
@@ -23,14 +24,15 @@ in
       appendHttpConfig = ''
         map $uri $expires {
           default off;
-          ~\.(jpg|jpeg|png|gif|ico|css|js)$ 30d;
+          ~\.(jpg|jpeg|png|gif|ico)$ 30d;
         }
       '';
       virtualHosts =
         let
           genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
-            addSSL = ssl;
             enableACME = ssl;
+            # addSSL = ssl;
+            forceSSL = ssl;
             locations."/" = {
               proxyPass = toString addr;
               extraConfig = ''
@@ -54,7 +56,20 @@ in
           "vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; };
           "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; };
           "f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8888"; };
-          "radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; };
+ #         "radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; };
+          "radio.${domain}" = {
+            addSSL = true;
+            enableACME = true;
+            locations."/" = {
+              proxyPass = "http://${satori}:7590";
+              extraConfig = ''
+                expires $expires;
+                proxy_set_header Host $host;
+              '';
+            };
+            locations."= /".return = "301 /radio";
+           };
+
           "git.${domain}" = genericHttpRProxy {
             addr = "http://${marisa}:5000";
             conf = "client_max_body_size 64M;";
@@ -66,13 +81,6 @@ in
               proxy_read_timeout 310s;
             '';
           };
-          "alo.${domain}" = genericHttpRProxy {
-            addr = "http://${marisa}:4004";
-            conf = ''
-              proxy_set_header X-Real-IP $remote_addr;
-              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            '';
-          };
         };
     };
   };