34 lines
916 B
Nix
34 lines
916 B
Nix
{ config, ... }:
|
|
let
|
|
cfg = config.services.ntfy-sh;
|
|
domain = "ntfy.jalr.de";
|
|
datadir = "/var/lib/ntfy-sh";
|
|
inherit (config.networking) ports;
|
|
in
|
|
{
|
|
# ntfy access --auth-file /var/lib/private/ntfy-sh/user.db '*' 'up*' write-only
|
|
|
|
services.ntfy-sh = {
|
|
enable = true;
|
|
settings = {
|
|
listen-http = "127.0.0.1:${toString ports.ntfy.tcp}";
|
|
base-url = "https://${domain}";
|
|
behind-proxy = true;
|
|
#web-root = "disable";
|
|
#auth-default-access = "read-only";
|
|
attachment-cache-dir = "${datadir}/attachments";
|
|
auth-file = "${datadir}/user.db";
|
|
cache-file = "${datadir}/cache-file.db";
|
|
};
|
|
};
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
kTLS = true;
|
|
locations."/" = {
|
|
proxyPass = "http://${cfg.settings.listen-http}/";
|
|
recommendedProxySettings = true;
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
}
|