From 7db8aae188d6d2ec4a79b383a9c5d4af83f82c07 Mon Sep 17 00:00:00 2001
From: Lu Wang
Date: Sun, 15 Dec 2024 01:20:55 +0800
Subject: [PATCH] services/ntfy: init
---
 nixos/hosts/suwako-vie0/default.nix | 1 +
 nixos/modules/networking/ports.nix | 1 +
 nixos/profiles/services/ntfy/default.nix | 29 ++++++++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 nixos/profiles/services/ntfy/default.nix
diff --git a/nixos/hosts/suwako-vie0/default.nix b/nixos/hosts/suwako-vie0/default.nix
index f64b2ab..d27d46c 100644
--- a/nixos/hosts/suwako-vie0/default.nix
+++ b/nixos/hosts/suwako-vie0/default.nix
@@ -9,6 +9,7 @@
 suites.server
 ++ (with profiles; [
 services.caddy
+ services.ntfy
 services.postgresql
 ])
 ++ (mylib.path.scanPaths ./. "default.nix");
diff --git a/nixos/modules/networking/ports.nix b/nixos/modules/networking/ports.nix
index 9c97b60..03c8818 100644
--- a/nixos/modules/networking/ports.nix
+++ b/nixos/modules/networking/ports.nix
@@ -16,6 +16,7 @@ in
 # local ports
 enthalpy-gost = 3000;
+ ntfy = 4000;
 # public ports
 enthalpy-ipsec = 13000;
diff --git a/nixos/profiles/services/ntfy/default.nix b/nixos/profiles/services/ntfy/default.nix
new file mode 100644
index 0000000..8bfbd7e
--- /dev/null
+++ b/nixos/profiles/services/ntfy/default.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ mylib,
+ ...
+}:
+{
+ services.ntfy-sh = {
+ enable = true;
+ settings = {
+ base-url = "https://ntfy.rebmit.moe";
+ listen-http = "[::1]:${toString config.networking.ports.ntfy}";
+ auth-default-access = "deny-all";
+ behind-proxy = true;
+ };
+ };
+
+ systemd.services.ntfy-sh.serviceConfig = mylib.misc.serviceHardened // {
+ DynamicUser = lib.mkForce false;
+ };
+
+ services.caddy.virtualHosts."ntfy.rebmit.moe" = {
+ extraConfig = ''
+ reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
+ '';
+ };
+
+ services.restic.backups.b2.paths = [ "/var/lib/ntfy-sh" ];
+}
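Review bot: In nixos/profiles/services/ntfy/default.nix the `DynamicUser = lib.mkForce false;` override removes part of the unit's sandboxing without saying why, so a later reader cannot tell whether it is still required. If the reason is the `/var/lib/ntfy-sh` path handed to restic (with DynamicUser the state directory would presumably live under `/var/lib/private`), record that in a comment such as `# static user so /var/lib/ntfy-sh is a real directory for the restic backup`. A comment on `behind-proxy = true;` would also help: ntfy then takes the visitor address from X-Forwarded-For, which is only sound while `listen-http` stays on loopback behind Caddy, e.g. `# trusts X-Forwarded-For; keep listen-http bound to [::1]`. The backed-up directory probably holds the auth database as well as the message cache, so the b2 repository should be treated as credential-bearing.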