feat: add nixarr

machines/moritz-server/nixarr/ntfy.nix

@@ -0,0 +1,72 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  createAdminUser = pkgs.writeShellApplication {
+    name = "create-admin-user";
+    runtimeInputs = [config.services.ntfy-sh.package];
+    text = ''
+      file="/var/lib/ntfy-sh/admin-created"
+      if [ ! -f $file ]; then
+        NTFY_PASSWORD="$(cat "${config.clan.core.vars.generators.ntfy.files.password.path}")" ntfy user add --role=admin admin
+        touch "$file"
+      fi
+    '';
+  };
+in {
+  clan.core.vars.generators."ntfy" = {
+    prompts.password = {
+      type = "hidden";
+      persist = true;
+      description = "Leave empty to generate automatically";
+    };
+
+    files.password = {};
+
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.xkcdpass
+    ];
+
+    script = ''
+      prompt_value="$(cat "$prompts/password")"
+      if [[ -n "''${prompt_value-}" ]]; then
+        echo "$prompt_value" | tr -d "\n" > "$out"/password
+      else
+        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password
+      fi
+    '';
+  };
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = "https://ntfy.moritz.place";
+      listen-http = ":2586";
+      behind-proxy = true;
+      auth-default-access = "deny-all";
+    };
+  };
+
+  systemd.services.ntfy-sh-setup = {
+    description = "Setup ntfy user";
+    wantedBy = ["default.target"];
+    requires = ["ntfy-sh.service"];
+    after = ["ntfy-sh.service"];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = lib.getExe createAdminUser;
+    };
+  };
+
+  services.nginx.virtualHosts."ntfy.moritz.place" = {
+    forceSSL = true;
+    useACMEHost = "any.moritz.place";
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:2586";
+      proxyWebsockets = true;
+    };
+  };
+}