{ config, lib, libNginx, this, ... }: with lib; let cfg = config.nixfiles.modules.ntfy; in { options.nixfiles.modules.ntfy = { enable = mkEnableOption "ntfy"; port = mkOption { description = "Port."; type = types.port; default = 2586; }; domain = mkOption { description = "Domain name sans protocol scheme."; type = with types; str; default = "ntfy.${config.networking.domain}"; }; prometheus = { enable = mkEnableOption "Prometheus exporter." // { default = true; }; address = mkOption { description = "Address."; type = with types; str; default = this.wireguard.ipv4.address; }; port = mkOption { description = "Port."; type = with types; port; default = 9289; }; }; }; config = mkIf cfg.enable { ark.files = [ config.services.ntfy-sh.settings.auth-file ]; nixfiles.modules.nginx = { enable = true; upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = { }; virtualHosts.${cfg.domain} = { locations = { "/" = { proxyPass = "http://ntfy"; proxyWebsockets = true; }; "/metrics".extraConfig = '' deny all; ''; }; extraConfig = libNginx.config.internalOnly; }; }; services.ntfy-sh = { enable = true; settings = { listen-http = "127.0.0.1:${toString cfg.port}"; base-url = "https://${cfg.domain}"; behind-proxy = true; enable-metrics = cfg.prometheus.enable; metrics-listen-http = with cfg.prometheus; optionalString cfg.prometheus.enable "${address}:${toString port}"; }; }; }; }