un container
This commit is contained in:
@@ -19,62 +19,52 @@ let
|
||||
base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev";
|
||||
enable-login = true;
|
||||
listen-http = ":${toString cfg.port}";
|
||||
cache-file = "/var/lib/ntfy-sh/cache.db";
|
||||
attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
|
||||
cache-file = "${cfg.dataDir}/cache.db";
|
||||
attachment-cache-dir = "/${cfg.dataDir}/attachments";
|
||||
behind-proxy = true;
|
||||
auth-default-access = "deny-all";
|
||||
auth-file = "/var/lib/ntfy-sh/user.db";
|
||||
auth-file = "${cfg.dataDir}/user.db";
|
||||
auth-users = [
|
||||
"mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
# Create and set permissions for required directories
|
||||
system.activationScripts.ntfy-dirs = ''
|
||||
mkdir -p /var/lib/ntfy-sh
|
||||
|
||||
chown -R ntfy-sh:ntfy-sh /var/lib/ntfy-sh
|
||||
|
||||
chmod -R 775 /var/lib/ntfy-sh
|
||||
'';
|
||||
};
|
||||
|
||||
bindMounts = {
|
||||
"/var/lib/ntfy-sh" = {
|
||||
hostPath = cfg.dataDir;
|
||||
isReadOnly = false;
|
||||
systemd.services = {
|
||||
ntfy-sh = {
|
||||
serviceConfig = {
|
||||
WorkingDirectory = lib.mkForce cfg.dataDir;
|
||||
StateDirectory = lib.mkForce cfg.dataDir;
|
||||
StateDirectoryMode = lib.mkForce 700;
|
||||
DynamicUser = lib.mkForce false;
|
||||
ProtectSystem = lib.mkForce null;
|
||||
};
|
||||
};
|
||||
};
|
||||
"/run/.env" = {
|
||||
hostPath = ntfyEnvFile;
|
||||
isReadOnly = true;
|
||||
|
||||
users.users.ntfy-sh = {
|
||||
isSystemUser = true;
|
||||
group = "ntfy-sh";
|
||||
home = cfg.dataDir;
|
||||
};
|
||||
users.groups.ntfy-sh = {};
|
||||
};
|
||||
|
||||
# Create reverse proxy configuration using mkReverseProxy
|
||||
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
|
||||
name = "ntfy";
|
||||
subdomain = cfg.reverseProxy.subdomain;
|
||||
url = "http://${cfg.localAddress}:${toString cfg.port}";
|
||||
url = "http://10.0.1.3:${toString cfg.port}";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
};
|
||||
|
||||
ntfyContainer =
|
||||
(lib.${namespace}.mkContainer {
|
||||
name = "ntfy";
|
||||
localAddress = cfg.localAddress;
|
||||
ports = [ cfg.port ];
|
||||
bindMounts = bindMounts;
|
||||
config = ntfyConfig;
|
||||
})
|
||||
{ inherit lib; };
|
||||
|
||||
fullConfig = {
|
||||
${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
reverseProxies = [ reverseProxyConfig ];
|
||||
};
|
||||
}
|
||||
// ntfyContainer;
|
||||
// ntfyConfig;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user