···

       
1
       
1
       
+
       
-----BEGIN AGE ENCRYPTED FILE-----

     

       
2
       
2
       
+
       
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGN2U2dKQSArMEN0

     

       
3
       
3
       
+
       
R2FMSkM5Uk05Nk85MXUzZnV2QWcxeHZSU3RCcHl2dDdxb1hFYnhnCnhPWXJHRm9H

     

       
4
       
4
       
+
       
NHN2WnpRSUFCdWEyRzdyUThBNFZHc0R5ZjlKbzA5TmZmemMKLT4gc3NoLWVkMjU1

     

       
5
       
5
       
+
       
MTkgMUNUOTd3IFE5aFM2MUV6SGVURzZTWlh3MFhORkJQd0FPSmlTaG5SQTFndDJQ

     

       
6
       
6
       
+
       
RHhBMmMKZVhEY0x6S2VvZnhMQmxld2dCTDZHNW9oVndpV25DQWh1eTVmT1JicTkz

     

       
7
       
7
       
+
       
bwotPiBzc2gtZWQyNTUxOSBlUDNUdFEgVUI5WlhhQnJaZmpXWEJ6S3E2THdmbnJo

     

       
8
       
8
       
+
       
dHpEdVgrYUVjR2FOdWhJSVlsNAplMUsxbnE2WG1hMk92M1BHWnMzVUFna1Vmd2RT

     

       
9
       
9
       
+
       
Q3RZYVp0SUh3VWdmTDZzCi0+IC9jLWdyZWFzZQpNYnNrWmFIYnFMa1JBVEQ2Rk10

     

       
10
       
10
       
+
       
NEZ6K1NxL2F0U3RRWXF6RUJ0WkhzNDJhayttNzBLSUJyYXJZYzJuVQotLS0gRmRx

     

       
11
       
11
       
+
       
cXVJdkdXUjhXOW1hK0toMm5WRFdoUCtBMVlBRnVaUWhmaCtUdGt4TQqZB0kDYJca

     

       
12
       
12
       
+
       
nqsFpM/1suAzZW2UcaIgZyErWtztrZtt6xZZubI4jSbtk/DpNDXheDeP/AF8XH2B

     

       
13
       
13
       
+
       
Dlk0cvzyv2DSMW30N3QqGsg2Kmhb

     

       
14
       
14
       
+
       
-----END AGE ENCRYPTED FILE-----

     

···

       
14
       
14
       
 
       
  "caddy.age".publicKeys = keys;

     

       
15
       
15
       
 
       
  "glance.age".publicKeys = keys;

     

       
16
       
16
       
 
       
  "lanyard.age".publicKeys = keys;

     

       
17
       
17
       
+
       
  "ntfy.age".publicKeys = keys;

     

       
17
       
18
       
 
       
}

     

···

       
4
       
4
       
 
       
    ./glance

     

       
5
       
5
       
 
       
    ./bluesky-pds

     

       
6
       
6
       
 
       
    ./lanyard

     

       
7
       
7
       
+
       
    ./ntfy

     

       
7
       
8
       
 
       
  ];

     

       
8
       
9
       
 
       
}

     

···

       
1
       
1
       
+
       
{ config, ... }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
{

     

       
4
       
4
       
+
       
  age.secrets.ntfy = {

     

       
5
       
5
       
+
       
    file = ../../secrets/ntfy.age;

     

       
6
       
6
       
+
       
    mode = "600";

     

       
7
       
7
       
+
       
  };

     

       
8
       
8
       
+
       


     

       
9
       
9
       
+
       
  services.ntfy-sh = {

     

       
10
       
10
       
+
       
    enable = true;

     

       
11
       
11
       
+
       
    user = "ntfy";

     

       
12
       
12
       
+
       
    group = "ntfy";

     

       
13
       
13
       
+
       


     

       
14
       
14
       
+
       
    settings = {

     

       
15
       
15
       
+
       
      base-url = "https://notify.sappho.systems";

     

       
16
       
16
       
+
       
      behind-proxy = true;

     

       
17
       
17
       
+
       
      listen-http = "7070";

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
      cache-file = "/var/lib/ntfy/cache.db";

     

       
20
       
20
       
+
       
      attachment-cache-dir = "/var/lib/ntfy/attachments";

     

       
21
       
21
       
+
       
      attachment-total-size-limit = "2G";

     

       
22
       
22
       
+
       
      attachment-file-size-limit = "100M";

     

       
23
       
23
       
+
       
      attachment-expiry-duration = "20h";

     

       
24
       
24
       
+
       


     

       
25
       
25
       
+
       
      enable-login = true;

     

       
26
       
26
       
+
       
      auth-file = "/var/lib/ntfy/auth.db";

     

       
27
       
27
       
+
       
      auth-default-access = "deny-all";

     

       
28
       
28
       
+
       


     

       
29
       
29
       
+
       
      web-push-public-key = "BHJ3WXz88sWJHp-7d3O5zhkUT1yiTHQlRyWYFbmQbOJU4b5pDIhwL7hqJKXTIbCp0UFc-SfR5Rc08P8wP9abt7A";

     

       
30
       
30
       
+
       
      web-push-private-key = "${config.age.secrets.ntfy.path}";

     

       
31
       
31
       
+
       
      web-push-file = "/var/lib/ntfy/webpush.db";

     

       
32
       
32
       
+
       
      web-push-email-address = "chloe@sapphic.moe";

     

       
33
       
33
       
+
       
    };

     

       
34
       
34
       
+
       
  };

     

       
35
       
35
       
+
       


     

       
36
       
36
       
+
       
  services.caddy.virtualHosts."notify.sappho.systems" = {

     

       
37
       
37
       
+
       
    listenAddresses = [ "::" ];

     

       
38
       
38
       
+
       
    extraConfig = ''

     

       
39
       
39
       
+
       
      import common

     

       
40
       
40
       
+
       
      import tls_cloudflare

     

       
41
       
41
       
+
       
      reverse_proxy http://127.0.0.1:7070

     

       
42
       
42
       
+
       
    '';

     

       
43
       
43
       
+
       
  };

     

       
44
       
44
       
+
       


     

       
45
       
45
       
+
       
  # Firewall

     

       
46
       
46
       
+
       
  settings.firewall.allowedTCPPorts = [ 7070 ];

     

       
47
       
47
       
+
       
}