Add some secrets to ntfy

2025-04-25 21:15:17 +02:00 · 2025-04-25 21:15:17 +02:00 · 32e36051b0
commit 32e36051b0
parent 9f67cf5ab1
3 changed files with 50 additions and 37 deletions
--- a/nki-personal-do/ntfy.nix
+++ b/nki-personal-do/ntfy.nix
@ -0,0 +1,44 @@
+{
+  config,
+  lib,
+  ...
+}:
+{
+
+  sops.secrets."ntfy/env" = {
+    reloadUnits = [ "ntfy-sh.service" ];
+  };
+
+  # ntfy
+  cloud.traefik.hosts.ntfy-sh = {
+    host = "ntfy.nkagami.me";
+    port = 11161;
+    noCloudflare = true;
+  };
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      listen-http = "127.0.0.1:11161";
+      cache-file = "/var/lib/ntfy-sh/cache.db";
+      auth-file = "/var/lib/ntfy-sh/auth.db";
+      auth-default-access = "deny-all";
+      behind-proxy = true;
+      base-url = "https://ntfy.nkagami.me";
+      attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
+      enable-login = true;
+      enable-reservations = true;
+      upstream-base-url = "https://ntfy.sh";
+    };
+  };
+  systemd.services.ntfy-sh = {
+    serviceConfig = {
+      WorkingDirectory = "%S";
+      StateDirectory = "ntfy-sh";
+      CacheDirectory = "ntfy-sh";
+      EnvironmentFile = [ config.sops.secrets."ntfy/env".path ];
+      PreStart = ''
+        mkdir -p "$(pwd)/attachments"
+      '';
+    };
+  };
+}