
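# NixOS module for the ntfy-sh push-notification server.
#
# Exposes `ataraxia.services.ntfy-sh` with an enable switch, the name of the
# sops secrets directory holding the Firebase key, and an optional nginx
# vHost for `domain`. The daemon itself only listens on loopback; any public
# exposure goes through the nginx vHost when `nginxHost` is set.
{
  config,
  lib,
  secretsDir,
  ...
}:
let
  inherit (lib)
    mkEnableOption
    mkForce
    mkIf
    mkOption
    recursiveUpdate
    ;
  inherit (lib.types) bool str;
  cfg = config.ataraxia.services.ntfy-sh;
  nginx = config.ataraxia.services.nginx;
  domain = "ntfy.ataraxiadev.com";
  # Loopback port ntfy listens on; nginx proxies to it.
  port = "2586";
in
{
  options.ataraxia.services.ntfy-sh = {
    enable = mkEnableOption "Enable ntfy-sh service";
    sopsDir = mkOption {
      type = str;
      default = config.networking.hostName;
      description = ''
        Name for sops secrets directory. Defaults to hostname.
      '';
    };
    nginxHost = mkOption {
      type = bool;
      # Same value as before; read through the `nginx` binding for consistency
      # with the vHost block below.
      default = nginx.enable;
      description = "Enable nginx vHost integration";
    };
  };
  config = mkIf cfg.enable {
    # Firebase key, decrypted by sops at activation. Owned by the ntfy user so
    # the daemon can read it without running as root; the unit is restarted
    # whenever the decrypted secret changes.
    sops.secrets.ntfy-firebase = {
      sopsFile = secretsDir + /${cfg.sopsDir}/ntfy.yaml;
      owner = config.services.ntfy-sh.user;
      restartUnits = [ "ntfy-sh.service" ];
    };
    services.ntfy-sh = {
      enable = true;
      settings = {
        base-url = "https://${domain}";
        # Bind to loopback only: the service is never reachable directly.
        listen-http = "127.0.0.1:${port}";
        # Only set when nginx really sits in front; with this on, ntfy takes
        # the client address from the proxy's forwarded headers.
        behind-proxy = cfg.nginxHost;
        attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
        # Anonymous clients get nothing; topic access must be granted
        # explicitly in the user database.
        auth-default-access = "deny-all";
        auth-file = "/var/lib/ntfy-sh/user.db";
        cache-file = "/var/lib/ntfy-sh/cache.db";
        firebase-key-file = config.sops.secrets.ntfy-firebase.path;
      };
    };
    # The sops secret above is owned by a concrete user, so the unit must run
    # as that static user rather than under a transient DynamicUser uid.
    systemd.services.ntfy-sh = {
      serviceConfig = {
        User = mkForce config.services.ntfy-sh.user;
        Group = mkForce config.services.ntfy-sh.group;
        DynamicUser = mkForce false;
      };
    };
    services.nginx.virtualHosts = mkIf cfg.nginxHost {
      ${domain} = recursiveUpdate nginx.defaultSettings {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${port}";
          # Subscribers hold long-lived connections (websocket / streaming),
          # hence the websocket upgrade and the generous timeouts below.
          proxyWebsockets = true;
          # client_max_body_size 0 removes nginx's upload cap entirely; any
          # limit on attachment size then has to be enforced by ntfy itself.
          extraConfig = ''
            proxy_connect_timeout 3m;
            proxy_send_timeout 3m;
            proxy_read_timeout 3m;
            client_max_body_size 0; # Stream request body to backend
          '';
        };
      };
    };
    # Keep the user/cache databases and attachments across reboots
    # (presumably an impermanence-style persistence list — verify).
    persist.state.directories = [ "/var/lib/ntfy-sh" ];
  };
}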