services/ntfy/default.nix at master · sapphic.moe/flake

sapphic.moe / flake

❄️ Dotfiles for our NixOS system configuration.

flake / services / ntfy / default.nix

at master 985 B view raw

 1{ config, ... }:
 2
 3{
 4  age.secrets.ntfy = {
 5    file = ../../secrets/ntfy.age;
 6    mode = "600";
 7  };
 8
 9  services.ntfy-sh = {
10    enable = true;
11    user = "ntfy";
12    group = "ntfy";
13
14    settings = {
15      base-url = "https://notify.sappho.systems";
16      behind-proxy = true;
17      listen-http = ":7070";
18
19      attachment-total-size-limit = "2G";
20      attachment-file-size-limit = "100M";
21      attachment-expiry-duration = "20h";
22
23      enable-login = true;
24      auth-default-access = "deny-all";
25
26      web-push-public-key = "BHJ3WXz88sWJHp-7d3O5zhkUT1yiTHQlRyWYFbmQbOJU4b5pDIhwL7hqJKXTIbCp0UFc-SfR5Rc08P8wP9abt7A";
27      web-push-private-key = "${config.age.secrets.ntfy.path}";
28      web-push-file = "/var/lib/ntfy-sh/webpush.db";
29      web-push-email-address = "chloe@sapphic.moe";
30    };
31  };
32
33  services.caddy.virtualHosts."notify.sappho.systems" = {
34    extraConfig = ''
35      import common
36      import tls_bunny
37
38      reverse_proxy http://127.0.0.1:7070
39    '';
40  };
41}