Merge pull request 'add-ntfy' (#54) from add-ntfy into main
Reviewed-on: #54
This commit is contained in:
commit
1bed137116
8 changed files with 384 additions and 5 deletions
|
@ -47,6 +47,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
|
|||
| 22080 | netbox | gunicorn |
|
||||
| 22090 | openhab | http |
|
||||
| 22999 | nginx | stub_status |
|
||||
| 22100 | ntfy | http |
|
||||
|
||||
## UDP
|
||||
| Port | bundle | usage |
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
repo.libs.tools.require_bundle(node, 'nodejs')
|
||||
|
||||
directories = {
|
||||
'/opt/hedgedoc': {}
|
||||
}
|
||||
|
||||
git_deploy = {
|
||||
'/opt/hedgedoc': {
|
||||
'rev': node.metadata.get('hedgedoc/version'),
|
||||
|
|
|
@ -118,7 +118,7 @@ server {
|
|||
% endif
|
||||
proxy_buffering off;
|
||||
proxy_read_timeout ${options.get('proxy_read_timeout', 60)};
|
||||
client_max_body_size ${options.get('max_body_size', '5M')};
|
||||
client_max_body_size ${options.get('max_body_size', '5m')};
|
||||
% elif 'redirect' in options:
|
||||
return ${options.get('mode', 308)} ${options['redirect']};
|
||||
% elif 'return' in options:
|
||||
|
|
206
bundles/ntfy/files/server.yml
Normal file
206
bundles/ntfy/files/server.yml
Normal file
|
@ -0,0 +1,206 @@
|
|||
# ntfy server config file
|
||||
#
|
||||
# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
|
||||
# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.
|
||||
|
||||
# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
|
||||
#
|
||||
# This setting is required for any of the following features:
|
||||
# - attachments (to return a download URL)
|
||||
# - e-mail sending (for the topic URL in the email footer)
|
||||
# - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic)
|
||||
# - Matrix Push Gateway (to validate that the pushkey is correct)
|
||||
#
|
||||
base-url: "https://${node.metadata.get('ntfy/domain', 'ntfy')}"
|
||||
|
||||
# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
|
||||
# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
|
||||
#
|
||||
# To listen on all interfaces, you may omit the IP address, e.g. ":443".
|
||||
# To disable HTTP, set "listen-http" to "-".
|
||||
#
|
||||
listen-http: "127.0.0.1:22100"
|
||||
# listen-https:
|
||||
|
||||
# Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
|
||||
# This can be useful to avoid port issues on local systems, and to simplify permissions.
|
||||
#
|
||||
# listen-unix: <socket-path>
|
||||
# listen-unix-mode: <linux permissions, e.g. 0700>
|
||||
|
||||
# Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
|
||||
#
|
||||
# key-file: <filename>
|
||||
# cert-file: <filename>
|
||||
|
||||
# If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.
|
||||
# This is optional and only required to save battery when using the Android app.
|
||||
#
|
||||
# firebase-key-file: <filename>
|
||||
|
||||
# If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory.
|
||||
# This allows for service restarts without losing messages in support of the since= parameter.
|
||||
#
|
||||
# The "cache-duration" parameter defines the duration for which messages will be buffered
|
||||
# before they are deleted. This is required to support the "since=..." and "poll=1" parameter.
|
||||
# To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.
|
||||
# The cache file is created automatically, provided that the correct permissions are set.
|
||||
#
|
||||
# The "cache-startup-queries" parameter allows you to run commands when the database is initialized,
|
||||
# e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)).
|
||||
# Example:
|
||||
# cache-startup-queries: |
|
||||
# pragma journal_mode = WAL;
|
||||
# pragma synchronous = normal;
|
||||
# pragma temp_store = memory;
|
||||
#
|
||||
# Debian/RPM package users:
|
||||
# Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
|
||||
# creates this folder for you.
|
||||
#
|
||||
# Check your permissions:
|
||||
# If you are running ntfy with systemd, make sure this cache file is owned by the
|
||||
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||
#
|
||||
cache-file: "/var/cache/ntfy/cache.db"
|
||||
cache-duration: "12h"
|
||||
cache-startup-queries: |
|
||||
pragma journal_mode = WAL;
|
||||
pragma synchronous = normal;
|
||||
pragma temp_store = memory;
|
||||
|
||||
# If set, access to the ntfy server and API can be controlled on a granular level using
|
||||
# the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
|
||||
#
|
||||
# - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist
|
||||
# - auth-default-access defines the default/fallback access if no access control entry is found; it can be
|
||||
# set to "read-write" (default), "read-only", "write-only" or "deny-all".
|
||||
#
|
||||
# Debian/RPM package users:
|
||||
# Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
|
||||
# creates this folder for you.
|
||||
#
|
||||
# Check your permissions:
|
||||
# If you are running ntfy with systemd, make sure this user database file is owned by the
|
||||
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||
#
|
||||
auth-file: "/var/lib/ntfy/user.db"
|
||||
auth-default-access: "write-only"
|
||||
|
||||
# If set, the X-Forwarded-For header is used to determine the visitor IP address
|
||||
# instead of the remote address of the connection.
|
||||
#
|
||||
# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
|
||||
# as if they are one.
|
||||
#
|
||||
# behind-proxy: false
|
||||
|
||||
# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
|
||||
# are "attachment-cache-dir" and "base-url".
|
||||
#
|
||||
# - attachment-cache-dir is the cache directory for attached files
|
||||
# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
|
||||
# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
|
||||
# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
|
||||
#
|
||||
attachment-cache-dir: "/var/opt/ntfy"
|
||||
attachment-total-size-limit: "5G"
|
||||
attachment-file-size-limit: "15M"
|
||||
attachment-expiry-duration: "12h"
|
||||
|
||||
# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
|
||||
# messages will additionally be sent out as e-mail using an external SMTP server. As of today, only
|
||||
# SMTP servers with plain text auth and STARTLS are supported. Please also refer to the rate limiting settings
|
||||
# below (visitor-email-limit-burst & visitor-email-limit-burst).
|
||||
#
|
||||
# - smtp-sender-addr is the hostname:port of the SMTP server
|
||||
# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user
|
||||
# - smtp-sender-from is the e-mail address of the sender
|
||||
#
|
||||
# smtp-sender-addr:
|
||||
# smtp-sender-user:
|
||||
# smtp-sender-pass:
|
||||
# smtp-sender-from:
|
||||
|
||||
# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
|
||||
# emails to a topic e-mail address to publish messages to a topic.
|
||||
#
|
||||
# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
|
||||
# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
|
||||
# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
|
||||
# for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
|
||||
# $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
|
||||
#
|
||||
# smtp-server-listen:
|
||||
# smtp-server-domain:
|
||||
# smtp-server-addr-prefix:
|
||||
|
||||
# Interval in which keepalive messages are sent to the client. This is to prevent
|
||||
# intermediaries closing the connection for inactivity.
|
||||
#
|
||||
# Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
|
||||
#
|
||||
keepalive-interval: "45s"
|
||||
|
||||
# Interval in which the manager prunes old messages, deletes topics
|
||||
# and prints the stats.
|
||||
#
|
||||
manager-interval: "1m"
|
||||
|
||||
# Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the
|
||||
# web app. If you self-host, you don't want to change this.
|
||||
# Can be "app" (default), "home" or "disable" to disable the web app entirely.
|
||||
#
|
||||
# web-root: app
|
||||
|
||||
# Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
|
||||
#
|
||||
# iOS users:
|
||||
# If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this:
|
||||
# upstream-base-url: "https://ntfy.sh"
|
||||
#
|
||||
# If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing
|
||||
# the message ID of the original message, instructing the iOS app to poll this server for the actual message contents.
|
||||
# This is to prevent the upstream server and Firebase/APNS from being able to read the message.
|
||||
#
|
||||
# upstream-base-url:
|
||||
|
||||
# Rate limiting: Total number of topics before the server rejects new topics.
|
||||
#
|
||||
global-topic-limit: 15000
|
||||
|
||||
# Rate limiting: Number of subscriptions per visitor (IP address)
|
||||
#
|
||||
visitor-subscription-limit: 64
|
||||
|
||||
# Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
|
||||
# - visitor-request-limit-burst is the initial bucket of requests each visitor has
|
||||
# - visitor-request-limit-replenish is the rate at which the bucket is refilled
|
||||
# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be
|
||||
# exempt from request rate limiting; hostnames are resolved at the time the server is started
|
||||
#
|
||||
visitor-request-limit-burst: 60
|
||||
visitor-request-limit-replenish: "5s"
|
||||
visitor-request-limit-exempt-hosts: "localhost"
|
||||
|
||||
# Rate limiting: Allowed emails per visitor:
|
||||
# - visitor-email-limit-burst is the initial bucket of emails each visitor has
|
||||
# - visitor-email-limit-replenish is the rate at which the bucket is refilled
|
||||
#
|
||||
# visitor-email-limit-burst: 16
|
||||
# visitor-email-limit-replenish: "1h"
|
||||
|
||||
# Rate limiting: Attachment size and bandwidth limits per visitor:
|
||||
# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
|
||||
# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
|
||||
#
|
||||
# visitor-attachment-total-size-limit: "100M"
|
||||
# visitor-attachment-daily-bandwidth-limit: "500M"
|
||||
|
||||
# Log level, can be TRACE, DEBUG, INFO, WARN or ERROR
|
||||
# This option can be hot-reloaded by calling "kill -HUP $pid" or "systemctl reload ntfy".
|
||||
#
|
||||
# Be aware that DEBUG (and particularly TRACE) can be VERY CHATTY. Only turn them on for
|
||||
# debugging purposes, or your disk will fill up quickly.
|
||||
#
|
||||
log-level: INFO
|
43
bundles/ntfy/items.py
Normal file
43
bundles/ntfy/items.py
Normal file
|
@ -0,0 +1,43 @@
|
|||
|
||||
files = {
|
||||
'/etc/ntfy/server.yml': {
|
||||
'content_type': 'mako',
|
||||
'needs': {
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
'triggers': {
|
||||
'svc_systemd:ntfy:restart',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
directories = {
|
||||
'/opt/ntfy': {},
|
||||
'/var/lib/ntfy': {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
},
|
||||
'/var/cache/ntfy': {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
},
|
||||
'/var/opt/ntfy': {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
'ntfy': {
|
||||
'needs': {
|
||||
'file:/etc/ntfy/server.yml',
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
users = {
|
||||
'ntfy': {
|
||||
'home': '/opt/ntfy',
|
||||
},
|
||||
}
|
85
bundles/ntfy/metadata.py
Normal file
85
bundles/ntfy/metadata.py
Normal file
|
@ -0,0 +1,85 @@
|
|||
|
||||
defaults = {
|
||||
'apt': {
|
||||
'repos': {
|
||||
'ntfy': {
|
||||
'items': {
|
||||
'deb [arch=amd64] https://archive.heckel.io/apt debian main',
|
||||
},
|
||||
},
|
||||
},
|
||||
'packages': {
|
||||
'ntfy': {},
|
||||
},
|
||||
},
|
||||
'backups': {
|
||||
'paths': {
|
||||
"/var/cache/ntfy",
|
||||
"/var/lib/ntfy",
|
||||
"/var/opt/ntfy",
|
||||
},
|
||||
},
|
||||
'zfs': {
|
||||
'datasets': {
|
||||
'tank/ntfy': {},
|
||||
'tank/ntfy/cache': {
|
||||
'mountpoint': '/var/cache/ntfy',
|
||||
'needed_by': {
|
||||
'directory:/var/cache/ntfy',
|
||||
},
|
||||
},
|
||||
'tank/ntfy/lib': {
|
||||
'mountpoint': '/var/lib/ntfy',
|
||||
'needed_by': {
|
||||
'directory:/var/lib/ntfy',
|
||||
},
|
||||
},
|
||||
'tank/ntfy/attachments': {
|
||||
'mountpoint': '/var/opt/ntfy',
|
||||
'needed_by': {
|
||||
'directory:/var/opt/ntfy',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'nginx/vhosts',
|
||||
)
|
||||
def nginx(metadata):
|
||||
if not node.has_bundle('nginx'):
|
||||
raise DoNotRunAgain
|
||||
|
||||
locations = {
|
||||
'/': {
|
||||
'target': 'http://127.0.0.1:22100',
|
||||
'proxy_set_header': {
|
||||
'X-Real-IP': '$remote_addr',
|
||||
},
|
||||
'websockets': True,
|
||||
'proxy_read_timeout': '3m',
|
||||
'max_body_size': '20m',
|
||||
'additional_config': {
|
||||
'proxy_connect_timeout 3m',
|
||||
'proxy_send_timeout 3m',
|
||||
'proxy_request_buffering off',
|
||||
'proxy_redirect off',
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
vhosts = {
|
||||
'ntfy': {
|
||||
'domain': metadata.get('ntfy/domain'),
|
||||
'locations': locations,
|
||||
'website_check_path': '/',
|
||||
'website_check_string': 'ntfy',
|
||||
},
|
||||
}
|
||||
|
||||
return {
|
||||
'nginx': {
|
||||
'vhosts': vhosts
|
||||
},
|
||||
}
|
30
data/apt/files/gpg-keys/ntfy.asc
Normal file
30
data/apt/files/gpg-keys/ntfy.asc
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQENBF/s8c4BCADYjQMKxdvlx4UxNim0go6J/OL7DuTmoQkkTDtOoBFhQMe3xpkc
|
||||
tS1v+Hio1odIoT+fXOzgLJ7VGw5Cr3LCoGfpopHMEWnFWBo8HvNxjKCvmVC6PLux
|
||||
LJFWvhIB2UsBQVAsLcSViIpkZMr1oyY6c8Vk1Xih1FwWsygapQnAAGYXoBoTpgtX
|
||||
PAFKd5h85hzEv62SM88PdJn3Q8cfi11H0yWQVfOUKVqN6rfjXJMufNsOooXA6/VN
|
||||
wT0ysyKkq5hPZ56olb41BxlLHNJRksVtvZnldTLebJ8dKUFwp/Y0cQRPSo+yuOg2
|
||||
bZsyhYGoFnN4J5QYsszd2zLxZCL37rs8ArbtABEBAAG0LFBoaWxpcHAgQy4gSGVj
|
||||
a2VsIDxwaGlsaXBwLmhlY2tlbEBnbWFpbC5jb20+iQE4BBMBAgAiBQJf7PHOAhsD
|
||||
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAdW47fskduU/M4CADOOdoF/VJT
|
||||
iPLeL4wr8ZYLV1rsFQ9ieNWhaKThUntVEDZWaJ+2qrzqhmUlLbNfS1XHm0Yzz+7U
|
||||
x2Mxcw1PXW/g/RxdhtVdQGQK4g5E3zRR1jdp6CoTc46gMnRYrDksC3C3ZwiTtRaY
|
||||
RDnkqGwBqhmnix/khYsnyrtbTi5khKkXLjrairfO4QIptRNVY2yRmzrF8vfTRDP2
|
||||
SVybD7+xTb5jwFcgvNJdKhOA0NNm4YFnPn7Jx22lNzGVvbht4Ll1watWJxhKN/co
|
||||
UeW5u3EpRpzxaaXQ5wsGAYRgm7/z9/kdFPk4XPGFbEcZd5ujO3VlGc8xQ/X7MaiB
|
||||
YPI8DzLy+IYHuQENBF/s8c4BCADVDmrGRXkwBxO/GsUXhtDZlPHYGpZkFUapziwU
|
||||
Zqrd2w/Bl/9dgkEnclayAa5d72Htw8gQCglRmd2Sb5Z500+KvvcbGxmkyhMPWEUQ
|
||||
aF8j/UJJ0/Ij9rfTcjRWRpolMkq2vFI3S+lu9TLahQuml84Uj3beLnX5kH/7EQh3
|
||||
ReeDh9VHMXAqZ3UP3vyXYtavO8NqTH9ytqppRALDAopYv/QZI+1jegiR1E+oUhqy
|
||||
ADQwrQRLtkxb/UwjLFfeeji5pK3A7l8WkQcBIISAcEHKC4ETfEEA8RPVupf4K884
|
||||
w0n5bC2HGXQbUCc0vmEOWViS279VYDsnaeaJSWwexqHopQbPABEBAAGJAR8EGAEC
|
||||
AAkFAl/s8c4CGwwACgkQHVuO37JHblMZTQgAso3rvTf00VLJOwQvS9QRnvuOPJVP
|
||||
d/w0Lfoo4SL1yPpDUcc3tTdGtbOY4wUsJlGaMYVVseXy6W/gJmORjutAVDEou2CP
|
||||
g7BYl+HGAZCgESvWc9Dn4nx2MvKGJG8GDtWxgsCWRm2lSTgRU4H390saA9iibz7m
|
||||
eJOI5yzrL6ZdBK9avXLldnsXn667nbyhkxgZUaEXkhcRm/Zh9fw6vaJ2PR9UzLQm
|
||||
SotJqLlV9yZP6usmiQ8NF0o3MsFuDVk0Ae7XvGtKTBuMMZUSwy9BMudSLsoFMd53
|
||||
5Obby3ETwi4QUamDlz3StJQhBhTiFSYY+9nvGW5VsLYpGVGaXlAElk4KcA==
|
||||
=ztKz
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -8,8 +8,10 @@ nodes['htz-cloud.miniserver'] = {
|
|||
'matrix-media-repo',
|
||||
'matrix-synapse',
|
||||
'nodejs',
|
||||
'ntfy',
|
||||
'mautrix-telegram',
|
||||
'postgresql',
|
||||
'zfs',
|
||||
},
|
||||
'groups': {
|
||||
'debian-bullseye',
|
||||
|
@ -218,6 +220,9 @@ nodes['htz-cloud.miniserver'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'ntfy': {
|
||||
'domain': 'ntfy.sophies-kitchen.eu',
|
||||
},
|
||||
'postgresql': {
|
||||
'version': '11',
|
||||
},
|
||||
|
@ -240,5 +245,18 @@ nodes['htz-cloud.miniserver'] = {
|
|||
],
|
||||
},
|
||||
},
|
||||
'zfs': {
|
||||
'pools': {
|
||||
'tank': {
|
||||
'when_creating': {
|
||||
'config': [{
|
||||
'devices': {
|
||||
'/dev/disk/by-id/scsi-0HC_Volume_23952298',
|
||||
},
|
||||
}]
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue