feat: better prometheus integration

machines/massicot/services.nix

@@ -62,6 +62,19 @@ in
         group = "kanidm";
     };
   };
+
+  services.ntfy-sh = {
+    enable = true;
+    group = "caddy";
+    settings = {
+      listen-unix = "/var/run/ntfy-sh/ntfy.sock";
+      listen-unix-mode = 432; # octal 0660
+      base-url = "https://ntfy.xinyang.life";
+    };
+  };
+
+  systemd.services.ntfy-sh.serviceConfig.RuntimeDirectory = "ntfy-sh";
+
   services.kanidm = {
     package = pkgs.kanidm.withSecretProvisioning;
     enableServer = true;
@@ -161,7 +174,12 @@ in
   };
   users.groups.git = { };
 
-
+  users.users = {
+    ${config.services.caddy.user}.extraGroups = [
+      config.services.ntfy-sh.group
+    ];
+  };
+  
   services.caddy = {
     enable = true;
     virtualHosts."xinyang.life:443".extraConfig = ''
@@ -191,5 +209,14 @@ in
           }
       }
     '';
+    virtualHosts."https://ntfy.xinyang.life".extraConfig =  ''
+      reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
+      @httpget {
+        protocol http
+        method GET
+        path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+      }
+      redir @httpget https://{host}{uri}
+    '';
   };
 }