update flake and add ntfy

modules/system/services/server/default.nix

@@ -15,6 +15,7 @@
     ./nextcloud
     ./nfs
     ./nginx
+    ./ntfy
     ./owncast
     ./transmission
     ./uptime-kuma

modules/system/services/server/nextcloud/default.nix

@@ -19,6 +19,8 @@
         trusted_proxies = [ "127.0.0.1" ];
         trusted_domains = [ config.services.nextcloud.hostName ];
         overwriteprotocol = "https";
+
+        # email
         mail_smtphost = "mx.${config.vars.mailDomain}";
         mail_domain = "${config.vars.primeDomain}";
         mail_from_address = "noreply";

modules/system/services/server/ntfy/default.nix

@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./nginx
+  ];
+
+  config = lib.mkIf config.services.ntfy-sh.enable {
+    services.ntfy-sh.settings = {
+      base-url = "https://ntfy.${config.vars.primeDomain}";
+      behind-proxy = true;
+      listen-http = ":8811";
+
+      smtp-sender-addr = "mx.${config.vars.mailDomain}:587";
+      smtp-sender-user = "noreply";
+      smtp-sender-pass = config.secrets.mailPass.nixfoxNoReply;
+      smtp-sender-from = "noreply@${config.vars.primeDomain}";
+    };
+  };
+}

modules/system/services/server/ntfy/nginx/default.nix

@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts."ntfy.${config.vars.primeDomain}" = lib.mkIf config.services.ntfy-sh.enable {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1${config.services.ntfy-sh.settings.listen-http}";
+      proxyWebsockets = true;
+    };
+  };
+}

modules/system/settings/security/privilege/default.nix

@@ -4,9 +4,4 @@
     enable = true;
     execWheelOnly = true;
   };
-
-  # Allow root to be accessed via ssh
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
-  ];
 }

modules/system/users/default.nix

@@ -4,5 +4,6 @@
     ./freecorn
     ./luna
     ./main
+    ./root
   ];
 }

modules/system/users/main/default.nix

@@ -6,14 +6,15 @@
     linger = true;
     hashedPassword = config.secrets.accPass.main;
     openssh.authorizedKeys.keyFiles = [
+      # Special keys
+      ./warden.pub
+      ./pixel9.pub
+
+      # Host keys
       ../../../../hosts/tower/id_ed25519.pub
       ../../../../hosts/intuos/id_ed25519.pub
       ../../../../hosts/jupiter/id_ed25519.pub
     ];
-    openssh.authorizedKeys.keys = [ 
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE17CtOBL2xR7xelq2HjAqESJVhNtKQe9ZCECKVx0LSO Warden2"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
-    ];
     extraGroups = [
       # Privilige
       "wheel"

modules/system/users/main/pixel9.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9

modules/system/users/main/warden.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE17CtOBL2xR7xelq2HjAqESJVhNtKQe9ZCECKVx0LSO Warden

modules/system/users/root/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  # Allow root to be accessed via ssh
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    ../main/warden.pub
+  ];
+}