Better montiring, bug fixes.
This commit is contained in:
Aner Zakobar
+46
-13
@@ -75,6 +75,46 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# Minimal config for the `ntfy user` CLI — the NixOS module puts its
|
||||
# generated config in the nix store under an unpredictable path, so we
|
||||
# write a separate file just containing the auth-file path. The server
|
||||
# ignores this file (it uses the module-generated one via -c flag).
|
||||
environment.etc."ntfy-sh/user-cli.yml" = {
|
||||
text = "auth-file: ${dataDir}/ntfy/auth.db\n";
|
||||
mode = "0444";
|
||||
};
|
||||
|
||||
# Create ntfy data directories on the external HD before ntfy starts.
|
||||
# Runs as a separate root service (outside ntfy-sh's restricted namespace)
|
||||
# so it can access /mnt/data without hitting ReadWritePaths restrictions.
|
||||
systemd.services.ntfy-sh-mkdir = {
|
||||
description = "Create Ntfy data directories on external HD";
|
||||
wantedBy = [ "ntfy-sh.service" ];
|
||||
before = [ "ntfy-sh.service" ];
|
||||
after = [ "mnt-data.mount" ];
|
||||
requires = [ "mnt-data.mount" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = pkgs.writeShellScript "ntfy-mkdir" ''
|
||||
set -euo pipefail
|
||||
mkdir -p ${dataDir}/ntfy/attachments
|
||||
chown -R ntfy-sh:ntfy-sh ${dataDir}/ntfy
|
||||
chmod 0750 ${dataDir}/ntfy ${dataDir}/ntfy/attachments
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# Ensure ntfy-sh starts after the HD is mounted and dirs are ready.
|
||||
# Also widen ReadWritePaths so ntfy-sh can write to the external HD path
|
||||
# (the NixOS module restricts writes to /var/lib/ntfy-sh by default).
|
||||
systemd.services.ntfy-sh = {
|
||||
after = lib.mkAfter [ "mnt-data.mount" "ntfy-sh-mkdir.service" ];
|
||||
requires = lib.mkAfter [ "mnt-data.mount" "ntfy-sh-mkdir.service" ];
|
||||
serviceConfig.ReadWritePaths = lib.mkAfter [ "${dataDir}/ntfy" ];
|
||||
};
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Create the admin user on first start (idempotent)
|
||||
# -----------------------------------------------------------------------
|
||||
@@ -102,28 +142,21 @@ in
|
||||
|
||||
PASS=$(cat "$CREDENTIALS_DIRECTORY/ntfy_admin_password")
|
||||
|
||||
# ntfy user commands need the config file to find the auth database.
|
||||
# The NixOS ntfy-sh module writes config to /etc/ntfy-sh/server.yml.
|
||||
NTFY="${pkgs.ntfy-sh}/bin/ntfy user --config /etc/ntfy-sh/server.yml"
|
||||
# Use the minimal CLI config (just has auth-file path).
|
||||
NTFY="${pkgs.ntfy-sh}/bin/ntfy user --config /etc/ntfy-sh/user-cli.yml"
|
||||
|
||||
# ntfy user list exits non-zero if the user DB is empty/doesn't exist;
|
||||
# grep exits non-zero if the pattern is missing. Either means no admin.
|
||||
if $NTFY list 2>/dev/null | grep -qE "^admin\b"; then
|
||||
# ntfy user list outputs a Unicode table; grep for admin in it.
|
||||
# ntfy user add reads password + confirmation from stdin (two lines).
|
||||
if $NTFY list 2>/dev/null | grep -qE "admin"; then
|
||||
echo "ntfy-sh-setup: admin user already exists"
|
||||
else
|
||||
echo "$PASS" | $NTFY add --role=admin admin
|
||||
printf '%s\n%s\n' "$PASS" "$PASS" | $NTFY add --role=admin admin
|
||||
echo "ntfy-sh-setup: admin user created"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# Ensure ntfy-sh starts after the external HD is mounted
|
||||
systemd.services.ntfy-sh = {
|
||||
after = lib.mkAfter [ "mnt-data.mount" ];
|
||||
requires = lib.mkAfter [ "mnt-data.mount" ];
|
||||
};
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Uptime Kuma monitor for this service
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user