+13

nixos/modules/services/misc/ntfy-sh.nix

reviewed

··· 61 61 Configuration for ntfy.sh, supported values are [here](https://ntfy.sh/docs/config/#config-options). 62 62 ''; 63 63 }; 64 64 + 65 65 + environmentFile = lib.mkOption { 66 66 + type = lib.types.nullOr lib.types.path; 67 67 + default = null; 68 68 + example = "/run/secrets/ntfy"; 69 69 + description = '' 70 70 + Path to a file containing extra ntfy environment variables in the systemd `EnvironmentFile` 71 71 + format. Refer to the [documentation](https://docs.ntfy.sh/config/) for config options. 72 72 + 73 73 + This can be used to pass secrets such as creating declarative users or token without putting them in the Nix store. 74 74 + ''; 75 75 + }; 64 76 }; 65 77 66 78 config = ··· 109 121 MemoryDenyWriteExecute = true; 110 122 # Upstream Recommendation 111 123 LimitNOFILE = 20500; 124 124 + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 112 125 }; 113 126 }; 114 127

+33 -19

nixos/tests/ntfy-sh.nix

reviewed

··· 1 1 - import ./make-test-python.nix { 2 2 - name = "ntfy-sh"; 1 1 + import ./make-test-python.nix ( 2 2 + { pkgs, ... }: 3 3 + { 4 4 + name = "ntfy-sh"; 3 5 4 4 - nodes.machine = 5 5 - { ... }: 6 6 - { 7 7 - services.ntfy-sh.enable = true; 8 8 - services.ntfy-sh.settings.base-url = "http://localhost:2586"; 9 9 - }; 6 6 + nodes.machine = 7 7 + { ... }: 8 8 + { 9 9 + services.ntfy-sh.enable = true; 10 10 + services.ntfy-sh.settings.base-url = "http://localhost:2586"; 10 11 11 11 - testScript = '' 12 12 - import json 12 12 + # Create a user with user:123 13 13 + services.ntfy-sh.environmentFile = pkgs.writeText "ntfy.env" '' 14 14 + NTFY_AUTH_DEFAULT_ACCESS='deny-all' 15 15 + NTFY_AUTH_USERS='user:$2a$12$W2v7IQhkayvJOYRpg6YEruxj.jUO3R2xQOU7s1vC3HzLLB9gSKJ9.:user' 16 16 + NTFY_AUTH_ACCESS='user:test:rw' 17 17 + ''; 18 18 + }; 13 19 14 14 - msg = "Test notification" 20 20 + testScript = '' 21 21 + import json 15 22 16 16 - machine.wait_for_unit("multi-user.target") 23 23 + msg = "Test notification" 17 24 18 18 - machine.wait_for_open_port(2586) 25 25 + machine.wait_for_unit("multi-user.target") 19 26 20 20 - machine.succeed(f"curl -d '{msg}' localhost:2586/test") 27 27 + machine.wait_for_open_port(2586) 21 28 22 22 - notif = json.loads(machine.succeed("curl -s localhost:2586/test/json?poll=1")) 29 29 + machine.succeed(f"curl -u user:1234 -d '{msg}' localhost:2586/test") 23 30 24 24 - assert msg == notif["message"], "Wrong message" 31 31 + # If we have a user, receive a message 32 32 + notif = json.loads(machine.succeed("curl -u user:1234 -s localhost:2586/test/json?poll=1")) 33 33 + assert msg == notif["message"], "Wrong message" 25 34 26 26 - machine.succeed("ntfy user list") 27 27 - ''; 28 28 - } 35 35 + # If we have no user, we should get forbidden, making sure the default access config works 36 36 + notif = json.loads(machine.succeed("curl -s localhost:2586/test/json?poll=1")) 37 37 + assert 403 == notif["http"], f"Should return 403, got {notif["http"]}" 38 38 + 39 39 + machine.succeed("ntfy user list") 40 40 + ''; 41 41 + } 42 42 + )