43 lines
1 KiB
Nix
43 lines
1 KiB
Nix
{ secret, ... }:
|
|
|
|
{
|
|
services.ntfy-sh = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
base-url = "https://ntfy.kempkens.io";
|
|
listen-http = "127.0.0.1:8004";
|
|
behind-proxy = true;
|
|
|
|
auth-file = "/var/lib/ntfy-sh/user.db";
|
|
auth-default-access = "deny-all";
|
|
|
|
cache-file = "/var/lib/ntfy-sh/cache.db";
|
|
attachment-cache-dir = "/var/lib/ntfy-sh/cache-attachments";
|
|
|
|
upstream-base-url = "https://ntfy.sh";
|
|
keepalive-interval = "45s";
|
|
|
|
inherit (secret.ntfy) web-push-public-key web-push-private-key web-push-email-address;
|
|
web-push-file = "/var/lib/ntfy-sh/webpush.db";
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."ntfy.kempkens.io" = {
|
|
quic = true;
|
|
http3 = true;
|
|
|
|
forceSSL = true;
|
|
useACMEHost = "kempkens.io";
|
|
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
'';
|
|
|
|
locations."/" = {
|
|
recommendedProxySettings = true;
|
|
proxyWebsockets = true;
|
|
proxyPass = "http://127.0.0.1:8004";
|
|
};
|
|
};
|
|
}
|