bundles/ntfy: update config to more recent version
This commit is contained in:
parent
2297f1dacf
commit
95d5c0cfc8
2 changed files with 104 additions and 39 deletions
|
@ -11,7 +11,7 @@
|
|||
# - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic)
|
||||
# - Matrix Push Gateway (to validate that the pushkey is correct)
|
||||
#
|
||||
base-url: "https://${node.metadata.get('ntfy/domain', 'ntfy')}"
|
||||
base-url: "https://${node.metadata.get('ntfy/domain')}"
|
||||
|
||||
# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
|
||||
# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
|
||||
|
@ -93,7 +93,7 @@ auth-default-access: "write-only"
|
|||
# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
|
||||
# as if they are one.
|
||||
#
|
||||
# behind-proxy: false
|
||||
behind-proxy: true
|
||||
|
||||
# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
|
||||
# are "attachment-cache-dir" and "base-url".
|
||||
|
@ -153,6 +153,17 @@ manager-interval: "1m"
|
|||
#
|
||||
# web-root: app
|
||||
|
||||
# Various feature flags used to control the web app, and API access, mainly around user and
|
||||
# account management.
|
||||
#
|
||||
# - enable-signup allows users to sign up via the web app, or API
|
||||
# - enable-login allows users to log in via the web app, or API
|
||||
# - enable-reservations allows users to reserve topics (if their tier allows it)
|
||||
#
|
||||
enable-signup: false
|
||||
enable-login: true
|
||||
enable-reservations: false
|
||||
|
||||
# Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
|
||||
#
|
||||
# iOS users:
|
||||
|
@ -181,7 +192,7 @@ visitor-subscription-limit: 64
|
|||
#
|
||||
visitor-request-limit-burst: 60
|
||||
visitor-request-limit-replenish: "5s"
|
||||
visitor-request-limit-exempt-hosts: "localhost"
|
||||
visitor-request-limit-exempt-hosts: "${','.join(sorted(ratelimit_exempt_hosts))}"
|
||||
|
||||
# Rate limiting: Allowed emails per visitor:
|
||||
# - visitor-email-limit-burst is the initial bucket of emails each visitor has
|
||||
|
@ -190,12 +201,54 @@ visitor-request-limit-exempt-hosts: "localhost"
|
|||
# visitor-email-limit-burst: 16
|
||||
# visitor-email-limit-replenish: "1h"
|
||||
|
||||
# Rate limiting: Attachment size and bandwidth limits per visitor:
|
||||
# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
|
||||
# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
|
||||
# Rate limiting: Enable subscriber-based rate limiting (mostly used for UnifiedPush)
|
||||
#
|
||||
# visitor-attachment-total-size-limit: "100M"
|
||||
# visitor-attachment-daily-bandwidth-limit: "500M"
|
||||
# If enabled, subscribers may opt to have published messages counted against their own rate limits, as opposed
|
||||
# to the publisher's rate limits. This is especially useful to increase the amount of messages that high-volume
|
||||
# publishers (e.g. Matrix/Mastodon servers) are allowed to send.
|
||||
#
|
||||
# Once enabled, a client may send a "Rate-Topics: <topic1>,<topic2>,..." header when subscribing to topics via
|
||||
# HTTP stream, or websockets, thereby registering itself as the "rate visitor", i.e. the visitor whose rate limits
|
||||
# to use when publishing on this topic. Note: Setting the rate visitor requires READ-WRITE permission on the topic.
|
||||
#
|
||||
# UnifiedPush only: If this setting is enabled, publishing to UnifiedPush topics will lead to a HTTP 507 response if
|
||||
# no "rate visitor" has been previously registered. This is to avoid burning the publisher's "visitor-message-daily-limit".
|
||||
#
|
||||
# visitor-subscriber-rate-limiting: false
|
||||
|
||||
# Payments integration via Stripe
|
||||
#
|
||||
# - stripe-secret-key is the key used for the Stripe API communication. Setting this values
|
||||
# enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys.
|
||||
# - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe.
|
||||
# Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks.
|
||||
# - billing-contact is an email address or website displayed in the "Upgrade tier" dialog to let people reach
|
||||
# out with billing questions. If unset, nothing will be displayed.
|
||||
#
|
||||
# stripe-secret-key:
|
||||
# stripe-webhook-key:
|
||||
# billing-contact:
|
||||
|
||||
# Metrics
|
||||
#
|
||||
# ntfy can expose Prometheus-style metrics via a /metrics endpoint, or on a dedicated listen IP/port.
|
||||
# Metrics may be considered sensitive information, so before you enable them, be sure you know what you are
|
||||
# doing, and/or secure access to the endpoint in your reverse proxy.
|
||||
#
|
||||
# - enable-metrics enables the /metrics endpoint for the default ntfy server (i.e. HTTP, HTTPS and/or Unix socket)
|
||||
# - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly
|
||||
# enables metrics as well, e.g. "10.0.1.1:9090" or ":9090"
|
||||
#
|
||||
# enable-metrics: false
|
||||
# metrics-listen-http:
|
||||
|
||||
# Profiling
|
||||
#
|
||||
# ntfy can expose Go's net/http/pprof endpoints to support profiling of the ntfy server. If enabled, ntfy will listen
|
||||
# on a dedicated listen IP/port, which can be accessed via the web browser on http://<ip>:<port>/debug/pprof/.
|
||||
# This can be helpful to expose bottlenecks, and visualize call flows. See https://pkg.go.dev/net/http/pprof for details.
|
||||
#
|
||||
# profile-listen-http:
|
||||
|
||||
# Log level, can be TRACE, DEBUG, INFO, WARN or ERROR
|
||||
# This option can be hot-reloaded by calling "kill -HUP $pid" or "systemctl reload ntfy".
|
||||
|
|
|
@ -1,43 +1,55 @@
|
|||
ratelimit_exempt_hosts = set()
|
||||
|
||||
files = {
|
||||
'/etc/ntfy/server.yml': {
|
||||
for identifier in node.metadata.get('ntfy/ratelimit-exempt-hosts', set()):
|
||||
ips = repo.libs.tools.resolve_identifier(repo, identifier)
|
||||
ratelimit_exempt_hosts |= {str(ip) for ip in ips['ipv4']}
|
||||
ratelimit_exempt_hosts |= {str(ip) for ip in ips['ipv6']}
|
||||
|
||||
|
||||
files['/etc/ntfy/server.yml'] = {
|
||||
'content_type': 'mako',
|
||||
'needs': {
|
||||
'context': {
|
||||
'ratelimit_exempt_hosts': ratelimit_exempt_hosts,
|
||||
},
|
||||
'after': {
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
'triggers': {
|
||||
'svc_systemd:ntfy:restart',
|
||||
},
|
||||
}
|
||||
|
||||
directories['/var/lib/ntfy'] = {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
'before': {
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
}
|
||||
|
||||
directories = {
|
||||
'/opt/ntfy': {},
|
||||
'/var/lib/ntfy': {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
},
|
||||
'/var/cache/ntfy': {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
},
|
||||
'/var/opt/ntfy': {
|
||||
directories['/var/cache/ntfy'] = {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
'before': {
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd = {
|
||||
'ntfy': {
|
||||
directories['/var/opt/ntfy'] = {
|
||||
'owner': 'ntfy',
|
||||
'group': 'ntfy',
|
||||
'before': {
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
}
|
||||
|
||||
svc_systemd['ntfy'] = {
|
||||
'needs': {
|
||||
'file:/etc/ntfy/server.yml',
|
||||
'pkg_apt:ntfy',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
users = {
|
||||
'ntfy': {
|
||||
'home': '/opt/ntfy',
|
||||
},
|
||||
users['ntfy'] = {
|
||||
'home': '/var/lib/ntfy',
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue