From f4b96afcfa77de675af75583e4bc66749acd137d Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 23 Dec 2023 16:40:53 +0000 Subject: [PATCH] Deploy ntfy --- ansible/main.yml | 1 + .../forrest/files/prometheus/prometheus.yml | 1 + ansible/roles/ntfy/files/docker-compose.yml | 36 +++++++++++++++++++ ansible/roles/ntfy/handlers/main.yml | 4 +++ ansible/roles/ntfy/tasks/main.yml | 20 +++++++++++ ansible/roles/ntfy/vars/vault.yml | 18 ++++++++++ terraform/jakehoward.tech.tf | 8 +++++ 7 files changed, 88 insertions(+) create mode 100644 ansible/roles/ntfy/files/docker-compose.yml create mode 100644 ansible/roles/ntfy/handlers/main.yml create mode 100644 ansible/roles/ntfy/tasks/main.yml create mode 100644 ansible/roles/ntfy/vars/vault.yml diff --git a/ansible/main.yml b/ansible/main.yml index e0bcd02..e34444d 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -68,6 +68,7 @@ - vikunja - authentik - minio + - ntfy - hosts: ingress roles: diff --git a/ansible/roles/forrest/files/prometheus/prometheus.yml b/ansible/roles/forrest/files/prometheus/prometheus.yml index 8d35c0b..ddb09fb 100644 --- a/ansible/roles/forrest/files/prometheus/prometheus.yml +++ b/ansible/roles/forrest/files/prometheus/prometheus.yml @@ -62,6 +62,7 @@ scrape_configs: - https://media.jakehoward.tech - https://minio.jakehoward.tech/minio/health/live - https://notes.theorangeone.net + - https://ntfy.jakehoward.tech/v1/health - https://plausible.theorangeone.net - https://recipes.jakehoward.tech - https://s3.jakehoward.tech/minio/health/live diff --git a/ansible/roles/ntfy/files/docker-compose.yml b/ansible/roles/ntfy/files/docker-compose.yml new file mode 100644 index 0000000..98c6d23 --- /dev/null +++ b/ansible/roles/ntfy/files/docker-compose.yml 
@@ -0,0 +1,36 @@
+version: "2.3"
+
+services:
+ ntfy:
+ image: binwiederhier/ntfy:latest
+ command: serve
+ user: "{{ docker_user.id }}"
+ environment:
+ - TZ={{ timezone }}
+ - NTFY_BASE_URL=https://ntfy.jakehoward.tech
+ - NTFY_AUTH_FILE=/etc/ntfy/auth.db
+ - NTFY_CACHE_FILE=/etc/ntfy/cache.db
+ - NTFY_AUTH_DEFAULT_ACCESS=deny-all
+ - NTFY_CACHE_DURATION=24h
+ - NTFY_ATTACHMENT_CACHE_DIR=/etc/ntfy/attachments
+ - NTFY_ATTACHMENT_EXPIRY_DURATION=24h
+ - NTFY_WEB_PUSH_PUBLIC_KEY={{ vault_ntfy_web_push_public_key }}
+ - NTFY_WEB_PUSH_PRIVATE_KEY={{ vault_ntfy_web_push_private_key }}
+ - NTFY_WEB_PUSH_FILE=/etc/ntfy/webpush.db
+ - NTFY_WEB_PUSH_EMAIL_ADDRESS={{ vault_ntfy_web_push_email }}
+ restart: unless-stopped
+ volumes:
+ - "{{ app_data_dir }}/ntfy:/etc/ntfy"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.ntfy.rule=Host(`ntfy.jakehoward.tech`)
+ tmpfs:
+ - /var/cache/ntfy
+ - /tmp
+ networks:
+ - default
+ - traefik
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/ntfy/handlers/main.yml b/ansible/roles/ntfy/handlers/main.yml
new file mode 100644
index 0000000..1829e8e
--- /dev/null
+++ b/ansible/roles/ntfy/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart ntfy
+ shell:
+ chdir: /opt/ntfy
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/ntfy/tasks/main.yml b/ansible/roles/ntfy/tasks/main.yml
new file mode 100644
index 0000000..fe352d0
--- /dev/null
+++ b/ansible/roles/ntfy/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/ntfy
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/ntfy/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart ntfy
+ become: true
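Review bot: The ntfy service is published through Traefik (the `traefik.enable=true` label and the `Host(...)` router rule), but the `environment:` list never sets `NTFY_BEHIND_PROXY`, so ntfy will presumably attribute every request to the proxy's address and its per-visitor rate limits collapse into one shared bucket. Adding `- NTFY_BEHIND_PROXY=true` makes it use the forwarded client address instead; that is only sound if Traefik is the sole route to the container and replaces client-supplied forwarding headers, which this patch does not show. Separately, `image: binwiederhier/ntfy:latest` is a floating tag, so each run of the restart handler may pull whatever was last published; pinning to a release tag or digest, e.g. `image: binwiederhier/ntfy:<release-tag>` (placeholder), keeps upgrades deliberate and reviewable.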
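Review bot: The `Install compose file` task renders `vault_ntfy_web_push_private_key` into `/opt/ntfy/docker-compose.yml`, so the decrypted key sits in plain text on the host and would also appear in the task output of any run made with `--diff`. Adding `diff: false` (or `no_log: true`) to that task keeps the rendered secret out of logs and CI output. The file's protection then rests entirely on `docker_compose_file_mask`, which is defined outside this patch; it is worth confirming that it denies read access to other users, or moving the key into a separate env file with a stricter mode.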
diff --git a/ansible/roles/ntfy/vars/vault.yml b/ansible/roles/ntfy/vars/vault.yml new file mode 100644 index 0000000..43cef71 --- /dev/null +++ b/ansible/roles/ntfy/vars/vault.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +34623831653665313137333830663439373661363232373363363061346561393963643165313037 +6561363436623761363564336564646266363062306135660a663235333338646430663263363732 +61343565366365353435623032383933383162623037343833313539363666333666313338376635 +6661363766613734610a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diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf index 6492283..b88a689 100644 --- a/terraform/jakehoward.tech.tf +++ b/terraform/jakehoward.tech.tf @@ -237,6 +237,14 @@ resource "cloudflare_record" "jakehowardtech_s3" { ttl = 1 } +resource "cloudflare_record" "jakehowardtech_ntfy" { + zone_id = cloudflare_zone.jakehowardtech.id + name = "ntfy" + value = linode_instance.casey.ip_address + type = "A" + ttl = 1 +} + resource "cloudflare_record" "jakehowardtech_caa" { zone_id = cloudflare_zone.jakehowardtech.id name = "@"
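Review bot: The new `cloudflare_record.jakehowardtech_ntfy` leaves `proxied` unset, which as far as I know defaults to a DNS-only record, so the address of `linode_instance.casey` is published directly for this name. If that is intended (it may match the neighbouring records, but only the tail of the `s3` record is visible in this hunk), writing `proxied = false` with a short comment such as `# DNS-only on purpose` records the decision. Without it a later reader cannot tell a deliberate choice from an omission.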