hosting/cloudserve-infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add ntfy role

Browse source 
Installs and configures the ntfysh server to enable notifications.
This commit is contained in:
Marty Oehme 2022-01-23 13:54:56 +01:00
parent 1e0643352d
commit 32b1b13ef4
Signed by: Marty
GPG key ID: B7538B8F50A1C800
11 changed files with 253 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
group_vars/testing.yml
View file

@ -12,6 +12,7 @@ landingpage_use_https: no
miniflux_use_https: no
monica_use_https: no
nextcloud_use_https: no
ntfy_use_https: no
searx_use_https: no
shaarli_use_https: no
traggo_use_https: no

42
roles/ntfy/README.md Normal file
View file

@ -0,0 +1,42 @@
# ntfy
A self-hosted notifications service.
Can take messages sent to the server through simple POST requests on specific topics and
blasts them out to any subscribed receiver on Android, Web, Commandline, or even in other applications.
Thus can function as a simple cross-platform push message service that fits very well into unix workflows.
## Defaults
```
ntfy_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
```
The on-target directory where the proxy configuration file should be stashed.
```
ntfy_use_https: true
```
Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate.
Usually you will want this to stay `true`,
especially on the public facing web.
```
ntfy_version: latest
```
The docker image version to be used in stack creation.
```
subdomain_alias: push
```
If the deployed container should be served over a uri that is not the stack name.
By default, it will be set to `push.yourdomain.com` -
if this option is not set it will be served on `ntfy.yourdomain.com` instead.
The individual `ntfy` options to be changed are very well described on
[the ntfy documentation](https://ntfy.sh/docs/config/).
Together with the default variables for this role it should be easy to find a good pair of settings.

20
roles/ntfy/defaults/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
ntfy_version: latest
ntfy_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
ntfy_use_https: true
subdomain_alias: push
ntfy_global_topic_limit: "15000"
ntfy_visitor_subscription_limit: "30"
ntfy_visitor_request_limit_burst: "60"
ntfy_visitor_request_limit_replenish: "10s"
ntfy_cache_duration: "12h"
ntfy_attachment_total_size_limit: "5G"
ntfy_attachment_file_size_limit: "15M"
ntfy_attachment_expiry_duration: "5h"
ntfy_visitor_attachment_total_size_limit: "500M"
ntfy_visitor_attachment_daily_bandwidth_limit: "1G"

46
roles/ntfy/handlers/main.yml Normal file
View file

@ -0,0 +1,46 @@
## Register reverse proxy
- name: Ensure upstream directory exists
ansible.builtin.file:
path: "{{ ntfy_upstream_file_dir }}"
state: directory
mode: '0755'
become: yes
listen: "update ntfy upstream"
- name: Update upstream template
ansible.builtin.template:
src: upstream.json.j2
dest: "{{ ntfy_upstream_file_dir }}/upstream.json"
become: yes
listen: "update ntfy upstream"
# figure out if upstream id exists
- name: check {{ stack_name }} upstream
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl localhost:2019/id/{{ stack_name }}_upstream/
changed_when: False
register: result
become: yes
listen: "update ntfy upstream"
# upstream already exists, patch it
- name: remove old {{ stack_name }} upstream
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl -X DELETE localhost:2019/id/{{ stack_name }}_upstream/
become: yes
when: (result.stdout | from_json)['error'] is not defined
listen: "update ntfy upstream"
# upstream has to be created
- name: add {{ stack_name }} upstream
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
become: yes
listen: "update ntfy upstream"

14
roles/ntfy/meta/main.yml Normal file
View file

@ -0,0 +1,14 @@
---
galaxy_info:
author: Marty Oehme
description: Installs a self-hosted push notification service through docker-swarm.
license: GPL-3.0-only
min_ansible_version: 2.9
galaxy_tags: []
dependencies:
- docker
- docker-swarm
- caddy

38
roles/ntfy/tasks/main.yml Normal file
View file

@ -0,0 +1,38 @@
---
- name: Ensure target directory exists
ansible.builtin.file:
path: "{{ ntfy_upstream_file_dir }}"
state: directory
mode: '0755'
become: yes
- name: Move ntfy configuration file to target dir
ansible.builtin.template:
src: "server.yml.j2"
dest: "{{ ntfy_upstream_file_dir }}/server.yml"
become: yes
notify: "update ntfy upstream"
## install ntfy container
- name: Check upstream status
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl localhost:2019/id/{{ stack_name }}_upstream/
register: result
changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
become: yes
notify: "update ntfy upstream"
- name: Deploy ntfy to swarm
community.general.docker_stack:
name: "{{ stack_name }}"
state: present
prune: yes
compose:
- "{{ stack_compose }}"
become: yes
tags:
- docker-swarm
notify: "update ntfy upstream"

25
roles/ntfy/templates/docker-stack.yml.j2 Normal file
View file

@ -0,0 +1,25 @@
version: '3.4'
services:
app:
image: "{{ stack_image }}:{{ ntfy_version }}"
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "localhost"]
interval: 1m
timeout: 10s
retries: 3
start_period: 1m
volumes:
- "{{ ntfy_upstream_file_dir }}/server.yml:/etc/ntfy/server.yml"
- cache:/var/cache/ntfy
networks:
- "{{ docker_swarm_public_network_name }}"
volumes:
cache:
networks:
"{{ docker_swarm_public_network_name }}":
external: true

15
roles/ntfy/templates/server.yml.j2 Normal file
View file

@ -0,0 +1,15 @@
base-url: "https://{{ server_domain }}"
global_topic_limit: "{{ ntfy_global_topic_limit }}"
visitor_subscription_limit: "{{ ntfy_visitor_subscription_limit }}"
visitor_request_limit_burst: "{{ ntfy_visitor_request_limit_burst }}"
visitor_request_limit_replenish: "{{ ntfy_visitor_request_limit_replenish }}"
cache-file: "/var/cache/ntfy/cache.db"
cache_duration: "{{ ntfy_cache_duration }}"
attachment-cache-dir: "/var/cache/ntfy/attachments"
attachment_total_size_limit: "{{ ntfy_attachment_total_size_limit }}"
attachment_file_size_limit: "{{ ntfy_attachment_file_size_limit }}"
attachment_expiry_duration: "{{ ntfy_attachment_expiry_duration }}"
visitor_attachment_total_size_limit: "{{ ntfy_visitor_attachment_total_size_limit }}"
visitor_attachment_daily_bandwidth_limit: "{{ ntfy_visitor_attachment_daily_bandwidth_limit }}"
behind-proxy: true # uses 'X-Forwarded-For' Headers for individual visitors
# TODO i believe Caddy does not set the correct X-Forwarded-For header, see whoami container to check

40
roles/ntfy/templates/upstream.json.j2 Normal file
View file

@ -0,0 +1,40 @@
{
"@id": "{{ stack_name }}_upstream",
{% if server_domain is not undefined and not none %}
"match": [
{
"host": [
{% if subdomain_alias is not undefined and not none %}
"{{ subdomain_alias }}.{{ server_domain }}"
{% else %}
"{{ stack_name }}.{{ server_domain }}"
{% endif %}
]
}
],
{% else %}
"match": [
{
"path": [
{% if subdomain_alias is not undefined and not none %}
"/{{ subdomain_alias }}*"
{% else %}
"/{{ stack_name }}*"
{% endif %}
,
"/"
]
}
],
{% endif %}
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "{{ stack_name }}_app:80"
}
]
}
]
}

7
roles/ntfy/vars/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
stack_name: ntfy
stack_image: "binwiederhier/ntfy"
stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"

5
site.yml
View file

@ -78,3 +78,8 @@
import_role:
role: gitea
tags: gitea
- name: Install ntfy
import_role:
role: ntfy
tags: ntfy