1
0
Fork 0
dotfiles/system/nixos/ntfy-sh.nix

39 lines
882 B
Nix

{ secret, ... }:
{
services.ntfy-sh = {
enable = true;
settings = {
base-url = secret.ntfy.baseUrl;
listen-http = "127.0.0.1:8004";
behind-proxy = true;
auth-file = "/var/lib/ntfy-sh/user.db";
auth-default-access = "deny-all";
cache-file = "/var/lib/ntfy-sh/cache.db";
attachment-cache-dir = "/var/lib/ntfy-sh/cache-attachments";
upstream-base-url = "https://ntfy.sh";
keepalive-interval = "45s";
};
};
services.nginx.virtualHosts."ntfy.kempkens.io" = {
http3 = true;
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8004";
};
};
}