xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

massicot/ntfy-sh: add

Browse source
This commit is contained in:
xinyangli 2024-07-31 11:38:44 +08:00
parent f418cf8620
commit 9b38853216
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
3 changed files with 29 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/massicot/kanidm-provision.nix
View file

@ -61,6 +61,7 @@
hedgedoc = { hedgedoc = {
displayName = "HedgeDoc"; displayName = "HedgeDoc";
originUrl = "https://docs.xinyang.life/"; originUrl = "https://docs.xinyang.life/";
originLanding = "https://docs.xinyang.life/auth/oauth2";
allowInsecureClientDisablePkce = true; allowInsecureClientDisablePkce = true;
scopeMaps = { scopeMaps = {
hedgedoc-users = [ "openid" "email" "profile" ]; hedgedoc-users = [ "openid" "email" "profile" ];

27
machines/massicot/services.nix
View file

@ -62,6 +62,19 @@ in
group = "kanidm"; group = "kanidm";
}; };
}; };
services.ntfy-sh = {
enable = true;
group = "caddy";
settings = {
listen-unix = "/var/run/ntfy-sh/ntfy.sock";
listen-unix-mode = 432; # octal 0660
base-url = "https://ntfy.xinyang.life";
};
};
systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = "ntfy-sh";
services.kanidm = { services.kanidm = {
package = pkgs.kanidm.withSecretProvisioning; package = pkgs.kanidm.withSecretProvisioning;
enableServer = true; enableServer = true;
@ -161,6 +174,11 @@ in
}; };
users.groups.git = { }; users.groups.git = { };
users.users = {
${config.services.caddy.user}.extraGroups = [
config.services.ntfy-sh.group
];
};
services.caddy = { services.caddy = {
enable = true; enable = true;
@ -191,5 +209,14 @@ in
} }
} }
''; '';
virtualHosts."https://ntfy.xinyang.life".extraConfig = ''
reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
@httpget {
protocol http
method GET
path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
}
redir @httpget https://{host}{uri}
'';
}; };
} }

2
modules/nixos/prometheus.nix
View file

@ -202,7 +202,7 @@ in
} }
{ {
alert = "HighRequestLatency"; alert = "HighRequestLatency";
expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 0.5"; expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 5";
for = "2m"; for = "2m";
labels = { severity = "warning"; }; labels = { severity = "warning"; };
annotations = { summary = "High request latency on {{ $labels.instance }}"; description = "95th percentile of request latency is above 0.5 seconds for the last 2 minutes."; }; annotations = { summary = "High request latency on {{ $labels.instance }}"; description = "95th percentile of request latency is above 0.5 seconds for the last 2 minutes."; };