diff --git a/machines/bomba/secrets.nix b/machines/bomba/secrets.nix
index 796e418..3826266 100644
--- a/machines/bomba/secrets.nix
+++ b/machines/bomba/secrets.nix
@@ -1,6 +1,23 @@
-{ ... }:
+{ config, ... }:
 {
- sops.secrets = {
- nextcloud_password.sopsFile = ../../secrets/bomba.sops.yaml;
+ sops = {
+ secrets = {
+ nextcloud_password = {
+ owner = "nextcloud";
+ sopsFile = ../../secrets/bomba.sops.yaml;
+ };
+ ntfy_users = {
+ owner = "ntfy-sh";
+ sopsFile = ../../secrets/bomba.sops.yaml;
+ };
+ ntfy_access = {
+ owner = "ntfy-sh";
+ sopsFile = ../../secrets/bomba.sops.yaml;
+ };
+ };
+ templates."ntfy.env".content = ''
+ NTFY_AUTH_USERS='${config.sops.placeholder.ntfy_users}'
+ NTFY_AUTH_ACCESS='${config.sops.placeholder.ntfy_access}'
+ '';
 };
 }
diff --git a/machines/bomba/services/default.nix b/machines/bomba/services/default.nix
index f8e11c6..37c6ece 100644
--- a/machines/bomba/services/default.nix
+++ b/machines/bomba/services/default.nix
@@ -1,9 +1,10 @@
 { ... }:
 {
 imports = [
+ # ./nginx.nix
 ./gitea.nix
 ./nextcloud.nix
- # ./nginx.nix
+ ./ntfy.nix
 ./octoprint.nix
 ./vaultwarden.nix
 ];
diff --git a/machines/bomba/services/nextcloud.nix b/machines/bomba/services/nextcloud.nix
index 404f7ae..3d08d38 100644
--- a/machines/bomba/services/nextcloud.nix
+++ b/machines/bomba/services/nextcloud.nix
@@ -19,6 +19,11 @@
 settings = {
 default_phone_region = "IT";
 overwriteprotocol = "https";
+ mail_domain = "patrickcanal.it";
+ mail_from_address = "nextcloud";
+ mail_smtphost = "127.0.0.1";
+ mail_smtpport = 25;
+ log_type = "file";
 trusted_domains = [
 "nextcloud.patrickcanal.it"
 ];
diff --git a/machines/bomba/services/ntfy.nix b/machines/bomba/services/ntfy.nix
new file mode 100644
index 0000000..47e7673
--- /dev/null
+++ b/machines/bomba/services/ntfy.nix
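Review bot: The `owner = "ntfy-sh";` lines on `ntfy_users` and `ntfy_access` in machines/bomba/secrets.nix look unnecessary, because within this diff both values are only read through `config.sops.placeholder` in the `ntfy.env` template, and the template itself sets no owner. If nothing else reads the per-secret files, dropping those two `owner` lines keeps the decrypted copies readable by root only and leaves the rendered env file as the single place the ntfy credentials are exposed. A short comment above the template would also help, for example `# rendered by sops-nix into the EnvironmentFile for services.ntfy-sh; values are single-quoted, so a secret must not contain a single quote`.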
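Review bot: `mail_smtphost = "127.0.0.1";` with `mail_smtpport = 25;` in machines/bomba/services/nextcloud.nix only works while something accepts mail on local port 25, which in this commit appears to be the ntfy SMTP listener added in services/ntfy.nix. That coupling is worth a comment such as `# delivered to the ntfy-sh SMTP listener on this host (see ./ntfy.nix)`. `log_type = "file";` is unrelated to the mail settings and would read better in its own commit, or with a line saying why file logging is wanted. The `settings` block continues past the end of the hunk.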
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ services.ntfy-sh = {
+ enable = true;
+ environmentFile = config.sops.templates."ntfy.env".path;
+ settings = {
+ listen-http = ":8005";
+ base-url = "https://ntfy.patrickcanal.it";
+ smtp-server-listen = ":25";
+ smtp-server-domain = "patrickcanal.it";
+ behind-proxy = true;
+ enable-login = true;
+ require-login = true;
+ };
+ };
+}
diff --git a/secrets/bomba.sops.yaml b/secrets/bomba.sops.yaml index de601d2..b9e7268 100644 --- a/secrets/bomba.sops.yaml +++ b/secrets/bomba.sops.yaml @@ -1,4 +1,6 @@ nextcloud_password: ENC[AES256_GCM,data:lMavQvl4grki9c5AgaKE8Q==,iv:jJ0/Wka5/2TBD4C739HBeiVzxujWC4WL6FDLqov6FVA=,tag:1skCLwSr6VSzZWthtzaxwg==,type:str] +ntfy_users: ENC[AES256_GCM,data:jFN6axA2cyszWRWRcLMe0KRmLeqM8rPho7/k0tOZGajJ33CO7uAul9tQ9LjEl59lhgrX13fnH5ofBOoRZAC/Ck1wS/PcSbSO,iv:TlelbuZkIo8iI5njBEQQLK8FClbpDo/bFraLwoQ0Kkk=,tag:M9Uh5SHs77ONsnPIqZuO2g==,type:str] +ntfy_access: ENC[AES256_GCM,data:7bcKYCS8,iv:Wwm1g/+0SzgAYh2tjKvJQEL2RJDG2tKqI4OjNeJjvio=,tag:nJ304eakWx0Kvo8I8bXPJQ==,type:str] sops: age: - recipient: age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx
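Review bot: The `settings` block in machines/bomba/services/ntfy.nix never sets `auth-default-access`, so any topic without a matching entry in `NTFY_AUTH_ACCESS` falls back to ntfy's default, which as far as I know is read-write for everyone; `require-login = true` only gates the web app and does not protect the publish/subscribe API. Adding `auth-default-access = "deny-all";` makes the ACL from the sops template the only source of access. Separately, `listen-http = ":8005"` binds every interface while `behind-proxy = true` tells ntfy to take the client address from the forwarded header. Unless the firewall (not visible in this diff) blocks that port, binding to `127.0.0.1:8005` keeps direct clients from choosing their own rate-limit identity. The same question applies to `smtp-server-listen = ":25"` if Nextcloud on localhost is the only intended sender.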
@@ -10,7 +12,7 @@ sops: YjVvSDV1TGExYUJGUk00MTF4bXNFVTQKG/GueSmnuA23L42X6AvAWZgBbJuCGLw1 ZQ17gIIOjhKHlGx8Lo5t/PekzFyQKCKdijS7caq74dVib1vO3tk+uQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-13T07:59:07Z" - mac: ENC[AES256_GCM,data:xJWtKkpQuAPXcToLfWuEshInHIBG59uKoQAh3+SmKu/UAkvMDNywMZbBhrxn/cF/xo8TKkaPxd4luXsdw+Z0YvVezn43jKNyXsIrUNtd5hMlE4hbAuAf/ifb3t2AVg1s/R6GZWMZvc0rmSePTWyowHgceaxTqHPr6vvHEVHt0oM=,iv:UXYUS/sn1+TcUOAWAQC1y+TtDIayNez6ssYh+Qt5AmI=,tag:YgWujpGrzwtjnEsLoKm3ig==,type:str] + lastmodified: "2026-03-14T07:23:58Z" + mac: ENC[AES256_GCM,data:nCPTfEu1wGfUtnJzMQISmrd5DHSffMacwgVYurFE1sWzhDue2fXssUCTbqf/bnzak5kB2TFkpZGH+SywC8BrCh+pRyG+Ey2HMHDCkM8eXrfyFxzV8k3V0pa9Ek+Rs63vaX1lRFBFh4iQtdLThjs/mnw3nla/B8wO/ArZ3NhF95k=,iv:8160XN5N36HwgjDUWulvS6tBk80svOt7DtXNqNNv5zU=,tag:1nrrxUjKTV0pPUr8S6e9+g==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1