From fba8ef513596d2f9b844dc1b8e3fa3e08d019a3f Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 1 Aug 2023 23:44:39 +0200
Subject: try out a ntfy on flora

(with thanks to emilyy's nix config; let's see if this makes sense for me)
---
 flora/configuration.nix |  1 +
 flora/services/ntfy.nix | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 flora/services/ntfy.nix

diff --git a/flora/configuration.nix b/flora/configuration.nix
index 51b9674..50a60d0 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -13,6 +13,7 @@
     ./services/mail.nix
     ./services/trainspotter.nix
     ./services/element.nix
+    ./services/ntfy.nix
   ];
   
   # Use the GRUB 2 boot loader.
diff --git a/flora/services/ntfy.nix b/flora/services/ntfy.nix
new file mode 100644
index 0000000..cda212d
--- /dev/null
+++ b/flora/services/ntfy.nix
@@ -0,0 +1,35 @@
+{ config, ... }:
+
+{
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = "https://ping.stuebinm.eu";
+      behind-proxy = true;
+      listen-http = "";
+      listen-unix = "/run/ntfy-sh/ntfy.sock";
+      listen-unix-mode = 511; ## lossy nix->yaml conversion eats octal literals (equal to 0777)
+
+      auth-file = "/var/lib/ntfy-sh/user.db";
+      auth-default-access = "deny-all";
+
+      enable-signup = false;
+      visitor-email-limit-burst = 0;
+    };
+  };
+
+  services.nginx.virtualHosts."ping.stuebinm.eu" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://unix:/run/ntfy-sh/ntfy.sock";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.services.ntfy-sh = {
+    serviceConfig = {
+      RuntimeDirectory = [ "ntfy-sh" ];
+    };
+  };
+}
-- 
cgit v1.2.3