dotfiles/system/nixos/ntfy-sh.nix

{ secret, ... }:

{
  services.ntfy-sh = {
    enable = true;

    settings = {
      base-url = "https://ntfy.kempkens.io";
      listen-http = "127.0.0.1:8004";
      behind-proxy = true;

      auth-file = "/var/lib/ntfy-sh/user.db";
      auth-default-access = "deny-all";

      cache-file = "/var/lib/ntfy-sh/cache.db";
      attachment-cache-dir = "/var/lib/ntfy-sh/cache-attachments";

      upstream-base-url = "https://ntfy.sh";
      keepalive-interval = "45s";

      inherit (secret.ntfy) web-push-public-key web-push-private-key web-push-email-address;
      web-push-file = "/var/lib/ntfy-sh/webpush.db";
    };
  };

  services.nginx.virtualHosts."ntfy.kempkens.io" = {
    quic = true;
    http3 = true;

    forceSSL = true;
    useACMEHost = "kempkens.io";

    extraConfig = ''
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    '';

    locations."/" = {
      recommendedProxySettings = true;
      proxyWebsockets = true;
      proxyPass = "http://127.0.0.1:8004";
    };
  };
}
ntfy-sh: init 2023-02-18 19:54:15 +00:00			`{ secret, ... }:`

			`{`
			`services.ntfy-sh = {`
			`enable = true;`

			`settings = {`
ntfy: Enable WebPush 2023-07-21 11:59:14 +00:00			`base-url = "https://ntfy.kempkens.io";`
ntfy-sh: listen on http 2023-02-18 20:02:42 +00:00			`listen-http = "127.0.0.1:8004";`
ntfy-sh: init 2023-02-18 19:54:15 +00:00			`behind-proxy = true;`

			`auth-file = "/var/lib/ntfy-sh/user.db";`
			`auth-default-access = "deny-all";`

			`cache-file = "/var/lib/ntfy-sh/cache.db";`
ntfy-sh: update cache path 2023-02-18 19:57:42 +00:00			`attachment-cache-dir = "/var/lib/ntfy-sh/cache-attachments";`
ntfy-sh: init 2023-02-18 19:54:15 +00:00
ntfy-sh: specify upstream 2023-02-18 20:29:47 +00:00			`upstream-base-url = "https://ntfy.sh";`
ntfy-sh: init 2023-02-18 19:54:15 +00:00			`keepalive-interval = "45s";`
ntfy: Enable WebPush 2023-07-21 11:59:14 +00:00
			`inherit (secret.ntfy) web-push-public-key web-push-private-key web-push-email-address;`
			`web-push-file = "/var/lib/ntfy-sh/webpush.db";`
ntfy-sh: init 2023-02-18 19:54:15 +00:00			`};`
			`};`
sail: Move more from CF 2023-03-06 14:25:59 +00:00
sail: Fix HSTS preload entries 2023-03-06 22:39:49 +00:00			`services.nginx.virtualHosts."ntfy.kempkens.io" = {`
nginx: re-enable quic/http3 2023-04-03 13:03:52 +00:00			`quic = true;`
sail: Fix HSTS preload entries 2023-03-06 22:39:49 +00:00			`http3 = true;`

			`forceSSL = true;`
			`useACMEHost = "kempkens.io";`

			`extraConfig = ''`
			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;`
			`'';`

			`locations."/" = {`
			`recommendedProxySettings = true;`
			`proxyWebsockets = true;`
			`proxyPass = "http://127.0.0.1:8004";`
sail: Move more from CF 2023-03-06 14:25:59 +00:00			`};`
			`};`
ntfy-sh: init 2023-02-18 19:54:15 +00:00			`}`