massicot/ntfy-sh: add

2024-07-31 11:38:44 +08:00 · 2024-07-31 11:38:44 +08:00 · 9b38853216
commit 9b38853216
parent f418cf8620
3 changed files with 29 additions and 1 deletions
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@ -61,6 +61,7 @@
    hedgedoc = {
      displayName = "HedgeDoc";
      originUrl = "https://docs.xinyang.life/";
+      originLanding = "https://docs.xinyang.life/auth/oauth2";
      allowInsecureClientDisablePkce = true;
      scopeMaps = {
        hedgedoc-users = [ "openid" "email" "profile" ];
--- a/machines/massicot/services.nix
+++ b/machines/massicot/services.nix
@ -62,6 +62,19 @@ in
        group = "kanidm";
    };
  };
+
+  services.ntfy-sh = {
+    enable = true;
+    group = "caddy";
+    settings = {
+      listen-unix = "/var/run/ntfy-sh/ntfy.sock";
+      listen-unix-mode = 432; # octal 0660
+      base-url = "https://ntfy.xinyang.life";
+    };
+  };
+
+  systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = "ntfy-sh";
+
  services.kanidm = {
    package = pkgs.kanidm.withSecretProvisioning;
    enableServer = true;
@ -161,6 +174,11 @@ in
  };
  users.groups.git = { };

+  users.users = {
+    ${config.services.caddy.user}.extraGroups = [
+      config.services.ntfy-sh.group
+    ];
+  };

  services.caddy = {
    enable = true;
@ -191,5 +209,14 @@ in
          }
      }
    '';
+    virtualHosts."https://ntfy.xinyang.life".extraConfig =  ''
+      reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
+      @httpget {
+        protocol http
+        method GET
+        path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+      }
+      redir @httpget https://{host}{uri}
+    '';
  };
 }
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@ -202,7 +202,7 @@ in
                  }
                  {
                    alert = "HighRequestLatency";
-                    expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 0.5";
+                    expr = "histogram_quantile(0.95, rate(caddy_http_request_duration_seconds_bucket[10m])) > 5";
                    for = "2m";
                    labels = { severity = "warning"; };
                    annotations = { summary = "High request latency on {{ $labels.instance }}"; description = "95th percentile of request latency is above 0.5 seconds for the last 2 minutes."; };