diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index bdc8f4e..602ba7f 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -754,9 +754,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
           defaults
           // {
             extraOptions = [
-              ''sftp.command="ssh beefcake@rascal -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"''
+              ''sftp.command="ssh beefcake@rascal.hare-cod.ts.net -i ${config.sops.secrets.restic-rascal-ssh-private-key.path} -s sftp"''
             ];
-            repository = "sftp://beefcake@rascal://storage/backups/beefcake";
+            repository = "sftp://beefcake@rascal.hare-cod.ts.net://storage/backups/beefcake";
           };
         # TODO: add ruby?
         benland =
@@ -838,6 +838,9 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
             HTTP_PORT = 3088;
             DOMAIN = "git.lyte.dev";
           };
+          migrations = {
+            ALLOWED_DOMAINS = "*.github.com,github.com,gitlab.com,*.gitlab.com";
+          };
           actions = {
             ENABLED = true;
           };
diff --git a/nixos/rascal.nix b/nixos/rascal.nix
index a35f601..a7cf744 100644
--- a/nixos/rascal.nix
+++ b/nixos/rascal.nix
@@ -25,11 +25,13 @@
     device = "/dev/sda";
   };
 
+  users.groups.beefcake = {};
   users.users = {
     beefcake = {
       isSystemUser = true;
       createHome = true;
       home = "/storage/backups/beefcake";
+      group = "beefcake";
       extraGroups = ["sftponly"];
       openssh.authorizedKeys.keys =
         config.users.users.daniel.openssh.authorizedKeys.keys