Move ntfy to its own file

2024-11-16 02:30:33 +02:00 · 2024-11-16 02:30:33 +02:00 · f696b221bd
commit f696b221bd
parent d1e1fe6c5b
3 changed files with 35 additions and 30 deletions
--- a/caddy/default.nix
+++ b/caddy/default.nix
@ -80,8 +80,6 @@ in
        reverse_proxy :${toString config.services.lastfm-status.port}
      '';

-
-
      "http://syncthing.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local http://${config.services.syncthing.guiAddress}
@ -186,24 +184,6 @@ in
        }
      '';

-      "ntfy.catnip.ee".extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
-
-        reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
-
-        # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
-        # it to work with curl without the annoying https:// prefix.
-        @httpget {
-            protocol http
-            method GET
-            path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
-        }
-        redir @httpget https://{host}{uri}
-      '';
-
      "cloud.catnip.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
--- a/configuration.nix
+++ b/configuration.nix
@ -22,6 +22,7 @@
    ./services/blocky.nix
    ./services/coturn.nix
    ./services/feishin.nix
+    ./services/ntfy.nix
    inputs.lastfm-status.nixosModules.default
    inputs.confess.nixosModules.default
    inputs.common-modules.nixosModules.nixos-upgrade
@ -209,7 +210,6 @@
        "/var/lib/mysql"
        "/var/lib/postgresql"
        "/var/lib/nextcloud"
-        "/var/lib/private/ntfy-sh"
        "/var/lib/private/drasl"
        "/var/lib/acme"
        "/var/lib/tailscale"
@ -531,15 +531,6 @@
      };
    };

-    # /var/lib/ntfy-sh
-    ntfy-sh = {
-      enable = true;
-      settings = {
-        listen-http = ":4006";
-        base-url = "https://ntfy.catnip.ee";
-      };
-    };
-
    cloudflare-dyndns = {
      enable = true;
      apiTokenFile = "/etc/secrets/cloudflare-dyndns.env";
--- a/services/ntfy.nix
+++ b/services/ntfy.nix
@ -0,0 +1,34 @@
+{ config, ... }: {
+  services = {
+    # /var/lib/ntfy-sh
+    ntfy-sh = {
+      enable = true;
+      settings = {
+        listen-http = ":4006";
+        base-url = "https://ntfy.catnip.ee";
+      };
+    };
+    caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
+      tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        resolvers 1.1.1.1
+      }
+
+      reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
+
+      # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
+      # it to work with curl without the annoying https:// prefix.
+      @httpget {
+          protocol http
+          method GET
+          path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+      }
+      redir @httpget https://{host}{uri}
+    '';
+
+    borgbackup.jobs."borgbase".paths = [
+      "/var/lib/ntfy-sh"
+      "/var/lib/private/ntfy-sh"
+    ];
+  };
+}