From a41e1d9383712445eaec3e4ac30763bddd44dac2 Mon Sep 17 00:00:00 2001
From: counterweight
Date: Sun, 27 Jul 2025 12:54:30 +0200
Subject: [PATCH] finished ntfy server thingies
---
02_vps_core_services_setup.md | 21 +++-
.../services/ntfy/deploy_ntfy_playbook.yml | 116 ++++++++++++++++++
ansible/services/ntfy/ntfy_vars.yml | 3 +
3 files changed, 139 insertions(+), 1 deletion(-)
create mode 100644 ansible/services/ntfy/deploy_ntfy_playbook.yml
create mode 100644 ansible/services/ntfy/ntfy_vars.yml
diff --git a/02_vps_core_services_setup.md b/02_vps_core_services_setup.md
index f9d01c8..ac2a8b8 100644
--- a/02_vps_core_services_setup.md
+++ b/02_vps_core_services_setup.md
@@ -120,6 +120,25 @@ Forgejo is a git server.
 * You can tweak more settings from that point on.
 * SSH cloning should work out of the box (after you've set up your SSH pub key in Forgejo, that is).
+
+## ntfy
+
+ntfy is a notifications server.
+
+### Deploy
+
+* Decide what subdomain you want to serve ntfy on and add it to `services/ntfy/ntfy_vars.yml` on the `ntfy_subdomain`.
+ * Note that you will have to add a DNS entry to point to the VPS public IP.
+* Before running the playbook, you should decide on a user and password for the admin user. This user is the only one authorised to send and read messages from topics. Once you've picked, export them in your terminal like this `export NTFY_USER=admin; export NTFY_PASSWORD=secret`.
+* In the same shell, run the deployment playbook: `ansible-playbook -i inventory.ini services/ntfy/deploy_ntfy_playbook.yml`.
+
+### Configure
+
+* You can visit the ntfy web UI at the FQDN you configured.
+* You can start using notify to send alerts with uptime kuma by visiting the uptime kuma UI and using the credentials for the ntfy admin user.
+* To receive alerts on your phone, install the official ntfy app: https://github.com/binwiederhier/ntfy-android.
+* You can also subscribe on the web UI on your laptop.
+
 ### Backups
-No explicit backups. It's assumed that important repos will be in Lapy, and that perhaps you might even backup lapy as well.
+Given that ntfy is almost stateless, no backups are made. If it blows up, simply set it up again.
diff --git a/ansible/services/ntfy/deploy_ntfy_playbook.yml b/ansible/services/ntfy/deploy_ntfy_playbook.yml
new file mode 100644
index 0000000..e4d25bf
--- /dev/null
+++ b/ansible/services/ntfy/deploy_ntfy_playbook.yml
@@ -0,0 +1,116 @@
+- name: Deploy ntfy and configure Caddy reverse proxy
+ hosts: watchtower
+ become: yes
+ vars_files:
+ - ../../infra_vars.yml
+ - ./ntfy_vars.yml
+ vars:
+ ntfy_domain: "{{ ntfy_subdomain }}.{{ root_domain }}"
+
+ tasks:
+ - name: Ensure /etc/apt/keyrings exists
+ file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+ - name: Download and dearmor ntfy GPG key
+ shell: curl -fsSL https://archive.heckel.io/apt/pubkey.txt | gpg --dearmor -o /etc/apt/keyrings/archive.heckel.io.gpg
+ args:
+ creates: /etc/apt/keyrings/archive.heckel.io.gpg
+
+ - name: Add ntfy APT repository
+ copy:
+ dest: /etc/apt/sources.list.d/archive.heckel.io.list
+ content: |
+ deb [arch=amd64 signed-by=/etc/apt/keyrings/archive.heckel.io.gpg] https://archive.heckel.io/apt debian main
+ mode: '0644'
+
+ - name: Update APT cache
+ apt:
+ update_cache: yes
+
+ - name: Install ntfy
+ apt:
+ name: ntfy
+ state: present
+
+ - name: Ensure ntfy cache directories exist
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: ntfy
+ group: ntfy
+ mode: '0755'
+ loop:
+ - /var/cache/ntfy
+ - /var/cache/ntfy/attachments
+
+ - name: Deploy ntfy configuration file
+ copy:
+ dest: /etc/ntfy/server.yml
+ content: |
+ base-url: "http://{{ ntfy_domain }}"
+ listen-http: ":{{ ntfy_port }}"
+ cache-file: "/var/cache/ntfy/cache.db"
+ attachment-cache-dir: "/var/cache/ntfy/attachments"
+ behind-proxy: true
+ auth-file: "/var/lib/ntfy/user.db"
+ auth-default-access: "deny-all"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart ntfy
+
+ - name: Enable and start ntfy service
+ systemd:
+ name: ntfy
+ enabled: yes
+ state: started
+
+ - name: Create ntfy admin user
+ shell: |
+ (echo "{{ lookup('env', 'NTFY_PASSWORD') }}"; echo "{{ lookup('env', 'NTFY_PASSWORD') }}") | ntfy user add --role=admin "{{ lookup('env', 'NTFY_USER') }}"
+
+ - name: Ensure Caddy sites-enabled directory exists
+ file:
+ path: "{{ caddy_sites_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+ - name: Ensure Caddyfile includes import directive for sites-enabled
+ lineinfile:
+ path: /etc/caddy/Caddyfile
+ line: 'import sites-enabled/*'
+ insertafter: EOF
+ state: present
+ backup: yes
+
+ - name: Create Caddy reverse proxy configuration for ntfy
+ copy:
+ dest: "{{ caddy_sites_dir }}/ntfy.conf"
+ content: |
+ {{ ntfy_domain }}, http://{{ ntfy_domain }} {
+ reverse_proxy 127.0.0.1:{{ ntfy_port }}
+
+ @httpget {
+ protocol http
+ method GET
+ path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+ }
+ redir @httpget https://{host}{uri}
+ }
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Reload Caddy to apply new config
+ command: systemctl reload caddy
+
+ handlers:
+ - name: Restart ntfy
+ systemd:
+ name: ntfy
+ state: restarted
\ No newline at end of file
diff --git a/ansible/services/ntfy/ntfy_vars.yml b/ansible/services/ntfy/ntfy_vars.yml
new file mode 100644
index 0000000..4fe684e
--- /dev/null
+++ b/ansible/services/ntfy/ntfy_vars.yml
@@ -0,0 +1,3 @@
+caddy_sites_dir: /etc/caddy/sites-enabled
+ntfy_subdomain: ntfy
+ntfy_port: 6674
\ No newline at end of file
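Review bot: `listen-http: ":{{ ntfy_port }}"` in the server.yml content block binds every interface, so ntfy is reachable directly on that port without Caddy's TLS, and because `behind-proxy: true` makes it honour X-Forwarded-For for rate limiting, a direct client can present any source address; Caddy proxies to 127.0.0.1, so bind there: `listen-http: "127.0.0.1:{{ ntfy_port }}"`. The "Create ntfy admin user" task renders NTFY_PASSWORD into the shell script, where it is subject to shell expansion of characters such as `$` or `"` and shows up in task output on failure or under -v, and the task is not idempotent since `ntfy user add` errors once the user exists, so a second run of the playbook fails. The rewrite below passes the secret through `environment:` (ntfy's CLI documents reading NTFY_PASSWORD from the environment), sets `no_log: true`, refuses to run with an empty NTFY_USER or NTFY_PASSWORD, and skips the add when `ntfy user list` already names the user; whether the add should run as the service account (`become_user: ntfy`) so that a user.db created before the service has touched it stays writable by ntfy is worth confirming against the package's unit file. `base-url: "http://{{ ntfy_domain }}"` also disagrees with the https the Caddy block redirects to, so unless plain-http links are intended it should read `base-url: "https://{{ ntfy_domain }}"`.

```yaml
    # … unchanged: "Enable and start ntfy service" task …

    - name: Refuse to continue without admin credentials
      assert:
        that:
          - lookup('env', 'NTFY_USER') | length > 0
          - lookup('env', 'NTFY_PASSWORD') | length > 0
        fail_msg: "export NTFY_USER and NTFY_PASSWORD in the shell that runs ansible-playbook"

    - name: List existing ntfy users
      command: ntfy user list
      register: ntfy_user_list
      changed_when: false

    - name: Create ntfy admin user
      command: ntfy user add --role=admin "{{ lookup('env', 'NTFY_USER') }}"
      environment:
        NTFY_PASSWORD: "{{ lookup('env', 'NTFY_PASSWORD') }}"
      no_log: true  # keeps the password out of task output and -v logs
      # 'ntfy user list' prints one line per account naming it; confirm the format on the installed version
      when: ntfy_user_list.stdout is not search('\\b' ~ (lookup('env', 'NTFY_USER') | regex_escape) ~ '\\b')

    # … unchanged: Caddy tasks and handlers …
```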