From e5fe18f28c52f7aaf07fc4efcb30390c2704c378 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Sun, 22 Oct 2023 20:51:18 +0200
Subject: [PATCH] feat(web01): Deploy ntfy-sh on push.dgnum.eu

---
 machines/web01/_configuration.nix |  1 +
 machines/web01/ntfy-sh.nix        | 26 ++++++++++++++++++++++++++
 patches/default.nix               |  6 ++++++
 3 files changed, 33 insertions(+)
 create mode 100644 machines/web01/ntfy-sh.nix

diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix
index e831d78..66fc366 100644
--- a/machines/web01/_configuration.nix
+++ b/machines/web01/_configuration.nix
@@ -10,6 +10,7 @@ lib.extra.mkConfig {
     # List of services to enable
     "metis"
     "linkal"
+    "ntfy-sh"
     "plausible"
     "wordpress"
   ];
diff --git a/machines/web01/ntfy-sh.nix b/machines/web01/ntfy-sh.nix
new file mode 100644
index 0000000..e3b5411
--- /dev/null
+++ b/machines/web01/ntfy-sh.nix
@@ -0,0 +1,26 @@
+_:
+
+let host = "push.dgnum.eu";
+
+in {
+  services.ntfy-sh = {
+    enable = true;
+
+    settings = {
+      base-url = "https://${host}";
+      enable-login = true;
+      behind-proxy = true;
+      manager-interval = "1h";
+    };
+  };
+
+  services.nginx.virtualHosts.${host} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:2586";
+      proxyWebsockets = true;
+    };
+  };
+}
diff --git a/patches/default.nix b/patches/default.nix
index 4b8925e..a818d00 100644
--- a/patches/default.nix
+++ b/patches/default.nix
@@ -103,5 +103,11 @@
       excludes = [ "nixos/doc/manual/*" ];
       hash = "sha256-Hd3bRYncjnfHzEx+g6rb9cU3YmhF6W3QOtQUuDzw78U=";
     }
+
+    # nixos/ntfy.sh: use dynamic user + add defaults
+    {
+      id = 234811;
+      hash = "sha256-Yz007dCmGl5OxRDMSHv63Ww+LzoQISm9Ttiw0p/6spY=";
+    }
   ];
 }