nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Add some secrets to ntfy

Browse source
This commit is contained in:
Natsu Kagami 2025-04-25 21:15:17 +02:00
parent 9f67cf5ab1
commit 32e36051b0
Signed by: nki
GPG key ID: 55A032EB38B49ADB
3 changed files with 50 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
nki-personal-do/configuration.nix
View file

@ -33,6 +33,7 @@
./outline.nix ./outline.nix
./vikunja.nix ./vikunja.nix
./n8n.nix ./n8n.nix
./ntfy.nix
./grist.nix ./grist.nix
]; ];
@ -246,35 +247,6 @@
dataDir = "/mnt/data/grist"; dataDir = "/mnt/data/grist";
}; };
# ntfy
cloud.traefik.hosts.ntfy-sh = {
host = "ntfy.nkagami.me";
port = 11161;
noCloudflare = true;
};
services.ntfy-sh = {
enable = true;
settings = {
listen-http = "127.0.0.1:11161";
cache-file = "/var/lib/ntfy-sh/cache.db";
auth-file = "/var/lib/ntfy-sh/auth.db";
auth-default-access = "deny-all";
behind-proxy = true;
base-url = "https://ntfy.nkagami.me";
attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
enable-login = true;
enable-reservations = true;
upstream-base-url = "https://ntfy.sh";
};
};
systemd.services.ntfy-sh.serviceConfig = {
WorkingDirectory = "/var/lib/ntfy-sh";
StateDirectory = "ntfy-sh";
};
systemd.services.ntfy-sh.preStart = ''
mkdir -p /var/lib/ntfy-sh/attachments
'';
# Trust my own cert # Trust my own cert
security.pki.certificateFiles = [ ../nki-home/cert.pem ]; security.pki.certificateFiles = [ ../nki-home/cert.pem ];
} }

44
nki-personal-do/ntfy.nix Normal file
View file

@ -0,0 +1,44 @@
{
config,
lib,
...
}:
{
sops.secrets."ntfy/env" = {
reloadUnits = [ "ntfy-sh.service" ];
};
# ntfy
cloud.traefik.hosts.ntfy-sh = {
host = "ntfy.nkagami.me";
port = 11161;
noCloudflare = true;
};
services.ntfy-sh = {
enable = true;
settings = {
listen-http = "127.0.0.1:11161";
cache-file = "/var/lib/ntfy-sh/cache.db";
auth-file = "/var/lib/ntfy-sh/auth.db";
auth-default-access = "deny-all";
behind-proxy = true;
base-url = "https://ntfy.nkagami.me";
attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
enable-login = true;
enable-reservations = true;
upstream-base-url = "https://ntfy.sh";
};
};
systemd.services.ntfy-sh = {
serviceConfig = {
WorkingDirectory = "%S";
StateDirectory = "ntfy-sh";
CacheDirectory = "ntfy-sh";
EnvironmentFile = [ config.sops.secrets."ntfy/env".path ];
PreStart = ''
mkdir -p "$(pwd)/attachments"
'';
};
};
}

13
nki-personal-do/secrets/secrets.yaml
View file

@ -49,11 +49,9 @@ n8n:
env: ENC[AES256_GCM,data:LA/6tMfGgX0cDNfhIZ+n2Ay+6OW5gPPebcXQnfO3qQJSjMjf9vwauF2+W3KpIvM1Dsg3hyNEwqLNRn/28bgWC/qpBpgU2/gVI2n5oxcQaYGgnS/jB0nZWXvORVTnXjH0R+HBFCWgMJe7v+o0EeBH6kni/Nc9geb8paRkxZOGVKeJQy9K4OB2CN6FVO9KeR7gpeQpsh5V5SVW1MoND2tpCOiIK7d0uM6OHF/7p2RFrEEAarvJssj/dZRHjA/jALuqbQ6UDAaAppqlkEgIdZdFEfgebfCWR4e4aWjznW1DGOQQYtg4k/Kj8J/df8CWXX+lUO+9nTo/lhhcH395w+CRE8GUwze15yxQppUwqyLKdYwgmpK1tFnLP/W/As2f97c1fBB9rXrZYOUEIq4GspHOTPgjzcRfWOxX8cMKG69EmeZ3mWPsIDaC1ZvkVQjjcH/o9aC7QeFCwPfcy+mgI+9RjAaCw7qdig1CwgQabAaCd2hzQ4FTXBFJoZRfYZ1v3Rdwe8zqMivIcw2AHv6kYx6c9A==,iv:KmyJ/CLAGrYfzHjSWygtgA/+am9fUrKnOsGRPgV9QfU=,tag:G3LhfdSujcaC9ZZFUse0DQ==,type:str] env: ENC[AES256_GCM,data:LA/6tMfGgX0cDNfhIZ+n2Ay+6OW5gPPebcXQnfO3qQJSjMjf9vwauF2+W3KpIvM1Dsg3hyNEwqLNRn/28bgWC/qpBpgU2/gVI2n5oxcQaYGgnS/jB0nZWXvORVTnXjH0R+HBFCWgMJe7v+o0EeBH6kni/Nc9geb8paRkxZOGVKeJQy9K4OB2CN6FVO9KeR7gpeQpsh5V5SVW1MoND2tpCOiIK7d0uM6OHF/7p2RFrEEAarvJssj/dZRHjA/jALuqbQ6UDAaAppqlkEgIdZdFEfgebfCWR4e4aWjznW1DGOQQYtg4k/Kj8J/df8CWXX+lUO+9nTo/lhhcH395w+CRE8GUwze15yxQppUwqyLKdYwgmpK1tFnLP/W/As2f97c1fBB9rXrZYOUEIq4GspHOTPgjzcRfWOxX8cMKG69EmeZ3mWPsIDaC1ZvkVQjjcH/o9aC7QeFCwPfcy+mgI+9RjAaCw7qdig1CwgQabAaCd2hzQ4FTXBFJoZRfYZ1v3Rdwe8zqMivIcw2AHv6kYx6c9A==,iv:KmyJ/CLAGrYfzHjSWygtgA/+am9fUrKnOsGRPgV9QfU=,tag:G3LhfdSujcaC9ZZFUse0DQ==,type:str]
grist: grist:
env: ENC[AES256_GCM,data:eT4eFHMU6UgCr/lNbdqFivzZgNREHcM4b/7ZEoKYWWNssrgIJybLm709BG8Q8/kKnBHaFUlczRQNvjS/nexZ3LymMeiXEHcuxC7lEM5otMqKzYFar2Z4YzPaUWGGezYcYBK56Ia5CF8TdWDdTbgnaSBY6R2ViJYTvS3QSdK6AhWfgGrdTVbye2lL6b11TrfI4vC25DhHJbrhFCXf995Q4nnwoACGAQ+Pkk6dsuYme4plV4WfZ8w61Y4SyNhdWYPp/rsJiAQkPajVCFjfZhH6cQCxVmSVn4c59H8MFx4qTbbXCKp3tXV5eQPWQBri5rc1XXAxgHKyrBUpx3QiYI6UDjGbf6hjXPSEWHQPXFLiLVPgH0CjXZeyxcYsr2ZLcOF87grUTR+CcxbiP4CshuJbvKyWiQ4ISOAm3m84XjXNVqn2WEf4ndqpNEG8H+BVbQ9RrGvrdlJqcrqD6rNzw0y+4SEiVPpv1NQ5M7+f+SABO8S2T4BFp95fvX2DmR/z+c9g2xiAOmZDFMzjG97rPrKuZq8+b+H3jlBZ4mxUBiz7l0c3NJ1RGtIUgr+idYGMwpSyh4C1a6LEzlW72F4vF5e5sEyWAHApRGxQCIMAP7ACBotMYgIKSPAzwThHtoTcUdBlDiQw8blsU/1c/FzkpAF5kotyNnk4vJea0H1yZ7NSz12E61qH6utG1YW5BZzZn+TKj7RfPEqzFE1POA0H8v1egE0bu1ClrYDX112iGEGI4IQHXMOu2p15O0/D+Y+QBOhpDwQWbgDXTf3ZMS2tyBtOiYT//ejfExYzV99V9t86xqmAvHODc69WC5nzWUp7SqkLLTP6gBUPSrkPs4ugZRE0q3STOmcnfxGkgpW94oj+jcZZY5supmYWK6zvJsPF9mn6,iv:pfIiOiWVEl0wEK03gnWj+ZKxOBwtBtf1hqzYOSpTm10=,tag:il0r2A/Z8q88sAiVgsuEEA==,type:str] env: ENC[AES256_GCM,data:eT4eFHMU6UgCr/lNbdqFivzZgNREHcM4b/7ZEoKYWWNssrgIJybLm709BG8Q8/kKnBHaFUlczRQNvjS/nexZ3LymMeiXEHcuxC7lEM5otMqKzYFar2Z4YzPaUWGGezYcYBK56Ia5CF8TdWDdTbgnaSBY6R2ViJYTvS3QSdK6AhWfgGrdTVbye2lL6b11TrfI4vC25DhHJbrhFCXf995Q4nnwoACGAQ+Pkk6dsuYme4plV4WfZ8w61Y4SyNhdWYPp/rsJiAQkPajVCFjfZhH6cQCxVmSVn4c59H8MFx4qTbbXCKp3tXV5eQPWQBri5rc1XXAxgHKyrBUpx3QiYI6UDjGbf6hjXPSEWHQPXFLiLVPgH0CjXZeyxcYsr2ZLcOF87grUTR+CcxbiP4CshuJbvKyWiQ4ISOAm3m84XjXNVqn2WEf4ndqpNEG8H+BVbQ9RrGvrdlJqcrqD6rNzw0y+4SEiVPpv1NQ5M7+f+SABO8S2T4BFp95fvX2DmR/z+c9g2xiAOmZDFMzjG97rPrKuZq8+b+H3jlBZ4mxUBiz7l0c3NJ1RGtIUgr+idYGMwpSyh4C1a6LEzlW72F4vF5e5sEyWAHApRGxQCIMAP7ACBotMYgIKSPAzwThHtoTcUdBlDiQw8blsU/1c/FzkpAF5kotyNnk4vJea0H1yZ7NSz12E61qH6utG1YW5BZzZn+TKj7RfPEqzFE1POA0H8v1egE0bu1ClrYDX112iGEGI4IQHXMOu2p15O0/D+Y+QBOhpDwQWbgDXTf3ZMS2tyBtOiYT//ejfExYzV99V9t86xqmAvHODc69WC5nzWUp7SqkLLTP6gBUPSrkPs4ugZRE0q3STOmcnfxGkgpW94oj+jcZZY5supmYWK6zvJsPF9mn6,iv:pfIiOiWVEl0wEK03gnWj+ZKxOBwtBtf1hqzYOSpTm10=,tag:il0r2A/Z8q88sAiVgsuEEA==,type:str]
ntfy:
env: ENC[AES256_GCM,data:lo12e5wag1SBafkS7u7K4+Z5eJ/T26aijYVAl62oA+6bQSzQbmRqqDe6+4uXHvmAf6Fy5Lv3sZDnLiju2//A5kZ/rkiisIfOX6fVXzhVHE7yA+Pn1upfo3tdZQRCNENX0i77smjydpAZZpJsPdJ3JZT0DKItu88G0P9HmxhkFazfDY/08YucySmAQ7HS24gu1VId+4b2DMMKSJeyOb4rF0Ms33pdkhsC9UzGz8JwbMYqD6JDz6fl6gMXffA1iD+chaAsHyFczd80w1IiBE4PHCs0as9LoWCCq1i4nYC4TROWad02pa2HXH/5FW770JBrWfH1e2j8Zf/CmPtuusBw/cPp7yeS3LjRXhViHo993CgF+sczmppM1fbzQlycsAgZcJ9G5zofN1EBlmGDbMiqs5Vk8C1wLLnLtkUc3fHGYCaXWLGNH8xv3vqo5uzDiVk=,iv:nNiwSPSvRCGlg97kaqMAzwToT2LqedHxBq/XQzflgA8=,tag:OpZAHBwn8O7FACWnXfS4cw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm - recipient: age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
enc: | enc: |
@ -82,8 +80,7 @@ sops:
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA== hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-06T23:20:44Z" lastmodified: "2025-04-25T18:32:59Z"
mac: ENC[AES256_GCM,data:XSYbqif2lhjTW2yUnoqtQehXG3DjS9It1IX4LplRMSxPkK0cpK64z/ouFRi12a1tjzE5YkdmZ9DDIxkAVPG8/5kgcZr5c4ddS/Zt4d97bCeeij47yuvhhoKMRzgIDSokMMmoelOV1k4FkDOfTDuMp2+tjyCao//N9YJjhhRPFYc=,iv:YpNNrIPotZAAQOF8GXBTpMjTFxYDdAFSLB1CBvLOE+k=,tag:1eGTkLRlL4s8TruVDPCA/g==,type:str] mac: ENC[AES256_GCM,data:egH9C4GA/8eKymtFlrC895LD/LstUUj8aAUQLjXARIdv/Dznz4cZlHcp35FXmjtgY2EAiMxDvqz94ewe4KXFwKrWYBeSle7RcaP1Ba59jyEEEAMLUpVTbDvvzBJkWgv1TkqXt+dEivqQRwmtbx4nd2sQlxr0Cz4NxrnEufP0Jg4=,iv:adO0n7PKZ66WJw4o63quBpB8YD/cj94KEyYxayC0A5k=,tag://FAL0E1ZExsXoA+7BlrcA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.10.1