From 9b38853216d0e4af781957107278b1d56885611a Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Wed, 31 Jul 2024 11:38:44 +0800
Subject: [PATCH] massicot/ntfy-sh: add
---
 machines/massicot/kanidm-provision.nix | 1 +
 machines/massicot/services.nix | 27 ++++++++++++++++++++++++++
 modules/nixos/prometheus.nix | 2 +-
 3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix
index 0fdb7b1..9eb10dd 100644
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@@ -61,6 +61,7 @@
 hedgedoc = {
 displayName = "HedgeDoc";
 originUrl = "https://docs.xinyang.life/";
+ originLanding = "https://docs.xinyang.life/auth/oauth2";
 allowInsecureClientDisablePkce = true;
 scopeMaps = {
 hedgedoc-users = [ "openid" "email" "profile" ];
diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix
index 6c87d4a..f7c9b6b 100644
--- a/machines/massicot/services.nix
+++ b/machines/massicot/services.nix
@@ -62,6 +62,19 @@ in
 group = "kanidm";
 };
 };
+
+ services.ntfy-sh = {
+ enable = true;
+ group = "caddy";
+ settings = {
+ listen-unix = "/var/run/ntfy-sh/ntfy.sock";
+ listen-unix-mode = 432; # octal 0660
+ base-url = "https://ntfy.xinyang.life";
+ };
+ };
+
+ systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = "ntfy-sh";
+
 services.kanidm = {
 package = pkgs.kanidm.withSecretProvisioning;
 enableServer = true;
@@ -161,6 +174,11 @@ in
 };
 users.groups.git = { };
+ users.users = {
+ ${config.services.caddy.user}.extraGroups = [
+ config.services.ntfy-sh.group
+ ];
+ };
 services.caddy = {
 enable = true;
@@ -191,5 +209,14 @@ in
 }
 }
 '';
+ virtualHosts."https://ntfy.xinyang.life".extraConfig = ''
+ reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
+ @httpget {
+ protocol http
+ method GET
+ path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+ }
+ redir @httpget https://{host}{uri}
+ '';
 };
 }
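Review bot: The `settings` block for `services.ntfy-sh` configures no access control, and ntfy's `auth-default-access` defaults to `read-write`, so once the `ntfy.xinyang.life` vhost added later in this patch is live, anyone who can reach it can publish to and subscribe on any topic. Consider `auth-default-access = "deny-all";` with users and ACLs provisioned out of band. Because ntfy is reached through Caddy over a Unix socket, `behind-proxy = true;` is also wanted so that per-visitor rate limits key on the forwarded client address instead of treating all traffic as one visitor. It is also worth confirming whether the NixOS module's default `listen-http` loopback listener stays active beside the socket (unless overridden elsewhere), since local processes could then bypass the 0660 socket mode.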
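Review bot: `config.services.ntfy-sh.group` resolves to `"caddy"` here because the first services.nix hunk sets `group = "caddy";`, so this `extraGroups` entry adds the Caddy user to what is presumably already its own group; the socket sharing really comes from running ntfy-sh under Caddy's group. That also gives the ntfy-sh process access to anything that is group-accessible to `caddy`. Dropping `group = "caddy";` from the `services.ntfy-sh` block would leave ntfy-sh in its own group and make this hunk the single place that grants Caddy access to the 0660 socket. If the shared group is intentional, `group = config.services.caddy.group;` instead of the string literal would keep the two in step.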
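Review bot: The `@httpget` matcher requires `protocol http`, but the site address is `https://ntfy.xinyang.life`, so as written this vhost should only ever see HTTPS requests and the `redir @httpget https://{host}{uri}` line looks unreachable. Either drop the matcher and the redirect, or add the plain-HTTP address to the site key if the GET-only redirect is really wanted, after checking how it interacts with Caddy's automatic HTTP-to-HTTPS redirect. A one-line comment above the block saying why only GET requests for topic, `docs/` and `static/` paths are redirected would help the next reader.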
diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix
index b4a02cc..d7e23fc 100644
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@@ -202,7 +202,7 @@ in
 }
 {
 alert = "HighRequestLatency";
- expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 0.5";
+ expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 5";
 for = "2m";
 labels = { severity = "warning"; };
 annotations = { summary = "High request latency on {{ $labels.instance }}"; description = "95th percentile of request latency is above 0.5 seconds for the last 2 minutes."; };
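Review bot: The threshold in `expr` moves from 0.5 to 5 seconds, but the `description` annotation on the context line below still says "above 0.5 seconds", so a firing alert will report the wrong limit. Update it to `description = "95th percentile of request latency is above 5 seconds for the last 2 minutes.";`. If the tenfold increase is meant to absorb ntfy's long-lived subscribe connections (an inference from this commit putting ntfy behind Caddy), excluding that traffic from the query, where the metric's labels allow it, would keep the tighter signal for the other sites. A comment recording the reason for the new value would also be worth adding.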