47 lines
928 B
Nix
47 lines
928 B
Nix
|
{ secret, ... }:
|
||
|
|
|
||
|
|
{
|
||
|
|
services.ntfy-sh = {
|
||
|
|
enable = true;
|
||
|
|
|
||
|
|
settings = {
|
||
|
|
base-url = secret.ntfy.baseUrl;
|
||
|
|
listen-unix = "/run/ntfy-sh/ntfy.socket";
|
||
|
|
behind-proxy = true;
|
||
|
|
|
||
|
|
auth-file = "/var/lib/ntfy-sh/user.db";
|
||
|
|
auth-default-access = "deny-all";
|
||
|
|
|
||
|
|
cache-file = "/var/lib/ntfy-sh/cache.db";
|
||
|
|
attachment-cache-dir = "/var/cache/ntfy/attachments";
|
||
|
|
|
||
|
|
keepalive-interval = "45s";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
services.nginx = {
|
||
|
|
enable = true;
|
||
|
|
virtualHosts."${secret.ntfy.web-domain}" = {
|
||
|
|
listen = [
|
||
|
|
{
|
||
|
|
addr = "127.0.0.1";
|
||
|
|
port = 80;
|
||
|
|
}
|
||
|
|
];
|
||
|
|
|
||
|
|
forceSSL = false;
|
||
|
|
enableACME = false;
|
||
|
|
|
||
|
|
locations."/" = {
|
||
|
|
tryFiles = "$uri @proxy";
|
||
|
|
};
|
||
|
|
|
||
|
|
locations."@proxy" = {
|
||
|
|
proxyWebsockets = true;
|
||
|
|
recommendedProxySettings = true;
|
||
|
|
proxyPass = "http://unix:/run/ntfy-sh/ntfy.socket";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|