diff --git a/.gitignore b/.gitignore index 5506502..4f3f760 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,8 @@ !AGENTS.md !discord-agent/ !discord-agent/** +!ntfy/ +!ntfy/** # Never track actual secrets .env diff --git a/AGENTS.md b/AGENTS.md index b06e984..cb3d438 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -13,7 +13,7 @@ The infrastructure is split into 5 independent compose files sharing a common `. | **Media** | `docker-compose.media.yml` | Media: arr stack, jellyfin, qbittorrent, slskd, metube, maloja, scrobbler | | **Documents** | `docker-compose.documents.yml` | Paperless-ngx + AI, onlyoffice, stirling-pdf, open-webui | | **Photo & ROM Library** | `docker-compose.photo-roms.yml` | Immich, syncthing, retrom | -| **Utilities** | `docker-compose.utils.yml` | Gitea, tandoor, speedtest-tracker, rustdesk, redbot, linkwarden, neolink, iperf3 | +| **Utilities** | `docker-compose.utils.yml` | Gitea, tandoor, speedtest-tracker, rustdesk, redbot, linkwarden, neolink, iperf3, ntfy, mailrise | ## Core Infrastructure Agents (infra.yml) @@ -115,6 +115,14 @@ The infrastructure is split into 5 independent compose files sharing a common `. ### Discord Bots - **RedBot** - Discord bot with custom cogs (internal_net) +### Notifications +- **Ntfy** - Push notification service (port 8086) + - Token-based authentication + - Subscribable topics: alerts, backups, paperless +- **Mailrise** - SMTP-to-ntfy bridge (port 8025) + - Converts email alerts into push notifications + - Works with any service that supports SMTP notifications + ### Network Tools - **iperf3-server** - Network performance testing (port 5201) @@ -173,6 +181,7 @@ Networks are defined in `docker-compose.infra.yml` and referenced as `external: ├── rustdesk/ (Remote desktop) ├── redbot/ (Discord bot) ├── stirling/ (PDF tools) +├── ntfy/ (Notification configs) └── Various other service configs ``` diff --git a/README.md b/README.md index 7dc1d15..f1366b1 100644 --- a/README.md +++ b/README.md 
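Review bot: The `!ntfy/**` allowlist entry in the .gitignore hunk puts everything under `ntfy/` into version control, including `ntfy/mailrise.yml`, whose `token:` field is a placeholder (`tk_yourtokenhere`) that has to be replaced with a live ntfy access token on the deployed host. Once that is done the secret sits in a tracked file and a routine `git add -A` will commit it, which is at odds with the `# Never track actual secrets` section directly below. Consider committing the template as `ntfy/mailrise.yml.example` and listing `ntfy/mailrise.yml` next to `.env` in the secrets section, so that the real file stays untracked. The same concern applies to the new `ntfy/mailrise.yml` file section later in this diff.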
@@ -14,7 +14,7 @@ The deployment is split into **5 independent compose stacks** sharing a common ` | **Media** | `docker-compose.media.yml` | prowlarr, flaresolverr, qbittorrent, radarr, sonarr, lidarr, bazarr, seerr, jellyfin, slskd, metube, maloja, multi-scrobbler | | **Documents** | `docker-compose.documents.yml` | onlyoffice, paperless-ngx (db, broker, tika, gotenberg, webserver, ai), stirling-pdf, open-webui | | **Photo & ROM Library** | `docker-compose.photo-roms.yml` | immich (server, postgres, ml, redis), syncthing, retrom (db, adminer, service, jaeger) | -| **Utilities** | `docker-compose.utils.yml` | gitea (server + db), tandoor (db + web), speedtest-tracker (app + db), rustdesk (hbbs + hbbr), redbot, iperf3-server, neolink, linkwarden (app + db + meilisearch) | +| **Utilities** | `docker-compose.utils.yml` | gitea (server + db), tandoor (db + web), speedtest-tracker (app + db), rustdesk (hbbs + hbbr), redbot, iperf3-server, neolink, linkwarden (app + db + meilisearch), ntfy, mailrise | ## Architecture @@ -58,6 +58,8 @@ The deployment is split into **5 independent compose stacks** sharing a common ` | Utilities | iperf3-server | Network performance test | 5201 | | Utilities | Neolink | Reolink camera bridge | 8554 | | Utilities | Linkwarden | Bookmark manager | 3400 | +| Utilities | Ntfy | Push notification service | 8086 | +| Utilities | Mailrise | SMTP-to-ntfy notification bridge | 8025 | ### Network Segmentation @@ -100,6 +102,7 @@ Networks are created by `infra.yml` and referenced as external by all other stac ├── surmai/ ├── syncthing/ ├── tandoor/ +├── ntfy/ (notification configs) ├── wud/ └── .env (shared environment variables) ``` diff --git a/RESTORE.md b/RESTORE.md index 588018f..daee437 100644 --- a/RESTORE.md +++ b/RESTORE.md 
@@ -64,7 +64,7 @@ mkdir -p /docker/{immich,qBittorrent,paperless,stirling,syncthing,gitea} mkdir -p /docker/{speedtest-tracker,rustdesk,redbot,maloja,scrobble} mkdir -p /docker/{retrom/config,retrom/data} mkdir -p /docker/{wud,ntopng,slskd,npm/data,npm/letsencrypt,npm/mysql} -mkdir -p /docker/{Homepage/config,neolink,tandoor,linkwarden} +mkdir -p /docker/{Homepage/config,neolink,tandoor,linkwarden,ntfy} # Set correct permissions PUID=$(id -u) @@ -84,9 +84,11 @@ docker volume create docker_dbdata docker volume create docker_aidata docker volume create docker_onlyoffice docker volume create docker_redisdata +docker volume create ntfy_cache +docker volume create ntfy_auth # Restore volume data -for volume in portainer_data open-webui docker_dbdata docker_aidata docker_onlyoffice docker_redisdata; do +for volume in portainer_data open-webui docker_dbdata docker_aidata docker_onlyoffice docker_redisdata ntfy_cache ntfy_auth; do if [ -f "/path/to/backup/volumes/${volume}.tar.gz" ]; then docker run --rm \ -v ${volume}:/volume \ diff --git a/docker-compose.utils.yml b/docker-compose.utils.yml index 601c9ae..a5d83cb 100644 --- a/docker-compose.utils.yml +++ b/docker-compose.utils.yml @@ -240,6 +240,31 @@ services: volumes: - ./linkwarden/meili_data:/meili_data + ntfy: + image: binwiederhier/ntfy + container_name: ntfy + restart: unless-stopped + networks: + - web_net + ports: + - "8086:8086" + volumes: + - ./ntfy:/etc/ntfy + - ntfy_cache:/var/cache/ntfy + - ntfy_auth:/var/lib/ntfy + command: serve + logging: *default-logging + + mailrise: + image: yoryan/mailrise + container_name: mailrise + restart: unless-stopped + ports: + - "8025:8025" + volumes: + - ./ntfy/mailrise.yml:/etc/mailrise/mailrise.yml:ro + logging: *default-logging + networks: web_net: name: web_net @@ -250,3 +275,7 @@ networks: internal_net: name: internal_net external: true + +volumes: + ntfy_cache: + ntfy_auth: diff --git a/ntfy/mailrise.yml b/ntfy/mailrise.yml new file mode 100644 index 0000000..6de43db 
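Review bot: In the docker-compose.utils.yml hunk, `mailrise` publishes `"8025:8025"` on every host interface and nothing in this commit configures SMTP authentication for it, so any machine that can reach the host on 8025 can submit mail that is forwarded to the ntfy topics with the stored token. If only containers and local services need it, bind it to loopback, `- "127.0.0.1:8025:8025"`, or drop `ports:` and reach it over a Docker network. The service also declares no `networks:` while `ntfy` is attached only to `web_net`, so unless a default network defined outside this hunk joins them, `http://ntfy:8086` will likely not resolve from mailrise; attaching mailrise to `web_net` or `internal_net` would settle that. Both images are referenced without a tag, so pinning a version or digest would make upgrades deliberate.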
--- /dev/null
+++ b/ntfy/mailrise.yml
@@ -0,0 +1,13 @@
+smtp:
+ hostname: mailrise
+ port: 8025
+
+ntfy:
+ default:
+ url: http://ntfy:8086
+ token: tk_yourtokenhere
+
+configs:
+ alerts: alerts
+ backups: backups
+ paperless: paperless
diff --git a/ntfy/server.yml b/ntfy/server.yml
new file mode 100644
index 0000000..ec2d7f5
--- /dev/null
+++ b/ntfy/server.yml
@@ -0,0 +1,6 @@
+listen-http: ":8086"
+cache-file: "/var/cache/ntfy/cache.db"
+auth-file: "/var/lib/ntfy/auth.db"
+auth-default-access: "deny-all"
+behind-proxy: true
+base-url: "https://ntfy.kansaigaijin.com"
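Review bot: The layout of `ntfy/mailrise.yml` does not look like the schema Mailrise reads, as far as I can tell from its documentation: each entry under `configs` is expected to hold a `urls` list of Apprise URLs, and the listener port belongs under `listen` rather than `smtp`. A top-level `ntfy:` block with `url` and `token` is, I believe, not a recognised key, so the bridge may fail to start or never use the token. Please check the file against the Mailrise README and add a header comment stating which recipient address maps to which ntfy topic. Indentation was lost in this rendering of the diff, so the nesting I am describing is inferred.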
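Review bot: `behind-proxy: true` in `ntfy/server.yml` tells ntfy to take the client address from the forwarded header, but the compose hunk in this same commit also publishes `"8086:8086"` directly on the host. A client that connects to 8086 without passing through the proxy can then supply its own `X-Forwarded-For` value, which weakens per-visitor rate limiting and makes the logged source address unreliable. Since `ntfy` is already on `web_net` and `base-url` points at the proxied HTTPS name, consider removing the ntfy `ports:` entry or binding it to loopback, `- "127.0.0.1:8086:8086"`. `auth-default-access: "deny-all"` is a sound default and deserves a one-line comment saying that every topic needs an explicit grant.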