dotfiles/system/nixos/ntfy-sh.nix

43 lines
1 KiB
Nix

{ secret, ... }:
{
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.kempkens.io";
listen-http = "127.0.0.1:8004";
behind-proxy = true;
auth-file = "/var/lib/ntfy-sh/user.db";
auth-default-access = "deny-all";
cache-file = "/var/lib/ntfy-sh/cache.db";
attachment-cache-dir = "/var/lib/ntfy-sh/cache-attachments";
upstream-base-url = "https://ntfy.sh";
keepalive-interval = "45s";
inherit (secret.ntfy) web-push-public-key web-push-private-key web-push-email-address;
web-push-file = "/var/lib/ntfy-sh/webpush.db";
};
};
services.nginx.virtualHosts."ntfy.kempkens.io" = {
quic = true;
http3 = true;
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8004";
};
};
}