- Disk check scripts now send ntfy alerts in addition to email - New ntfy-failure@ template service notifies on any systemd service failure - Uses sops-managed token for ntfy authentication Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
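# NixOS module: self-hosted ntfy behind nginx, plus a template unit that
# pushes an ntfy alert whenever any systemd service fails.
{ config, pkgs, lib, ... }:

let
  # Script run by ntfy-failure@<unit>.service; $1 is the failed unit's name.
  notifyScript = pkgs.writeShellScript "ntfy-failure-notify" ''
    set -eu
    # NOTE(review): the sops secret "ntfy" is assumed to be declared elsewhere
    # and readable by this unit's user -- confirm.
    TOKEN=$(cat ${config.sops.secrets.ntfy.path})
    UNIT="$1"
    # The Authorization header goes to curl on stdin (-K -), not as a -H
    # argument, so the bearer token never shows up in the process list.
    # printf is a shell builtin, so it does not expose the token either.
    # --fail makes a rejected request (e.g. 401/403) fail this unit instead
    # of passing silently; --max-time bounds a hung connection.
    # The body is the unit's status output, which can include recent log
    # lines; anyone allowed to read the "alerts" topic will see them.
    printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" \
      | ${pkgs.curl}/bin/curl -sS --fail --max-time 30 -K - \
          -H "Title: Service failed: $UNIT" \
          -H "Priority: urgent" \
          -H "Tags: rotating_light" \
          -d "$(systemctl status --full "$UNIT" 2>&1 | head -40)" \
          http://127.0.0.1:2586/alerts
  '';
in
{
  # Extend the existing systemd.services option so every service gets the
  # ntfy failure hook. This has to be an option declaration under `options`:
  # assigning lib.mkOption to systemd.services next to the
  # systemd.services."ntfy-failure@" definition in the same attribute set
  # defines that attribute twice.
  options.systemd.services = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule {
      config.onFailure = [ "ntfy-failure@%n.service" ];
    });
  };

  config = {
    services.ntfy-sh = {
      enable = true;
      settings = {
        base-url = "https://ntfy.hoyer.xyz";
        # ntfy takes the client address from the proxy's forwarding header.
        # NOTE(review): confirm nginx sets it (e.g. recommendedProxySettings).
        behind-proxy = true;
        # No anonymous access: every topic needs an explicit grant.
        auth-default-access = "deny-all";
      };
    };

    services.nginx.virtualHosts."ntfy.hoyer.xyz" = {
      # Reuse the certificate issued for hoyer.xyz instead of requesting one
      # for this virtual host.
      useACMEHost = "hoyer.xyz";
      enableACME = false;
      forceSSL = true;
      locations."/" = {
        # NOTE(review): assumes ntfy listens on 127.0.0.1:2586; listen-http is
        # not set in the settings above -- confirm the module default.
        proxyPass = "http://127.0.0.1:2586";
        proxyWebsockets = true;
      };
    };

    # Notify via ntfy on any service failure (alongside email)
    systemd.services."ntfy-failure@" = {
      description = "Send ntfy notification on service failure";
      # The notifier must not invoke itself when it fails.
      onFailure = lib.mkForce [ ];
      serviceConfig = {
        Type = "oneshot";
        # %i is passed here because scriptArgs only applies to `script`; with
        # an explicit ExecStart the script would otherwise get no $1.
        ExecStart = "${notifyScript} %i";
      };
    };
  };
}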