mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 04:19:00 +02:00
nixos/ntfy-sh: use dynamic user and add defaults
parent
a88e75b4fd
commit
ee1c6053fb
|
@ -61,8 +61,17 @@ in
|
||||||
|
|
||||||
services.ntfy-sh.settings = {
|
services.ntfy-sh.settings = {
|
||||||
auth-file = mkDefault "/var/lib/ntfy-sh/user.db";
|
auth-file = mkDefault "/var/lib/ntfy-sh/user.db";
|
||||||
|
listen-http = mkDefault "127.0.0.1:2586";
|
||||||
|
attachment-cache-dir = mkDefault "/var/lib/ntfy-sh/attachments";
|
||||||
|
cache-file = mkDefault "/var/lib/ntfy-sh/cache-file.db";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"f ${cfg.settings.auth-file} 0600 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d ${cfg.settings.attachment-cache-dir} 0700 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"f ${cfg.settings.cache-file} 0600 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.ntfy-sh = {
|
systemd.services.ntfy-sh = {
|
||||||
description = "Push notifications server";
|
description = "Push notifications server";
|
||||||
|
|
||||||
|
@ -74,6 +83,7 @@ in
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
StateDirectory = "ntfy-sh";
|
StateDirectory = "ntfy-sh";
|
||||||
|
|
||||||
|
DynamicUser = true;
|
||||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
|
@ -88,6 +98,8 @@ in
|
||||||
RestrictNamespaces = true;
|
RestrictNamespaces = true;
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
|
# Upstream Recommandation
|
||||||
|
LimitNOFILE = 20500;
|
||||||
};
|
};
|
||||||
};
|
};
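Review bot: The new `systemd.tmpfiles.rules` entries name `${cfg.user}` and `${cfg.group}` as owners while the same commit sets `DynamicUser = true`, so unless a static account of that name is declared elsewhere in the module (not visible in these hunks), the owner may not resolve when tmpfiles runs before the unit has ever started. With `DynamicUser` and `StateDirectory = "ntfy-sh"`, systemd already creates and owns the state directory, so the three rules look redundant for the default paths. The privacy of `user.db` and the cache could instead be pinned in `serviceConfig` with `StateDirectoryMode = "0700";` and `UMask = "0077";`. If the rules stay for non-default paths, a comment should say so and note that such paths must also be writable under the sandboxing that `DynamicUser` implies. The `serviceConfig` block begins outside the hunks shown here.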
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ import ./make-test-python.nix {
|
||||||
|
|
||||||
nodes.machine = { ... }: {
|
nodes.machine = { ... }: {
|
||||||
services.ntfy-sh.enable = true;
|
services.ntfy-sh.enable = true;
|
||||||
|
services.ntfy-sh.settings.base-url = "http://localhost:2586";
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = ''
|
||||||
|
@ -12,12 +13,14 @@ import ./make-test-python.nix {
|
||||||
|
|
||||||
machine.wait_for_unit("multi-user.target")
|
machine.wait_for_unit("multi-user.target")
|
||||||
|
|
||||||
machine.wait_for_open_port(80)
|
machine.wait_for_open_port(2586)
|
||||||
|
|
||||||
machine.succeed(f"curl -d '{msg}' localhost:80/test")
|
machine.succeed(f"curl -d '{msg}' localhost:2586/test")
|
||||||
|
|
||||||
notif = json.loads(machine.succeed("curl -s localhost:80/test/json?poll=1"))
|
notif = json.loads(machine.succeed("curl -s localhost:2586/test/json?poll=1"))
|
||||||
|
|
||||||
assert msg == notif["message"], "Wrong message"
|
assert msg == notif["message"], "Wrong message"
|
||||||
|
|
||||||
|
machine.succeed("ntfy user list")
|
||||||
'';
|
'';
|
||||||
}
|
}
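Review bot: The updated test script covers publish, poll and `ntfy user list`, but nothing asserts the security-relevant defaults this commit introduces, namely the 0600/0700 modes on the auth file, cache file and attachment directory. A line such as `machine.succeed("stat -c %a /var/lib/ntfy-sh/user.db | grep -qx 600")` after the `ntfy user list` call would catch a regression in the file mode. `ntfy user list` presumably runs as root in the test VM, so its success shows only that the CLI can open the database, not that the service account can; a short comment stating what that line is meant to prove would help.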
|
||||||
|
|