Add ntfy push notifications + mailrise SMTP bridge

- ntfy: self-hosted push notification service (port 8086)
- mailrise: SMTP-to-ntfy converter (port 8025)
- Configs in ./ntfy/server.yml and ./ntfy/mailrise.yml
- Token-based authentication for ntfy
- Updated docs and .gitignore

.gitignore

@@ -15,6 +15,8 @@
 !AGENTS.md
 !discord-agent/
 !discord-agent/**
+!ntfy/
+!ntfy/**
 
 # Never track actual secrets
 .env

AGENTS.md

@@ -13,7 +13,7 @@ The infrastructure is split into 5 independent compose files sharing a common `.
 | **Media** | `docker-compose.media.yml` | Media: arr stack, jellyfin, qbittorrent, slskd, metube, maloja, scrobbler |
 | **Documents** | `docker-compose.documents.yml` | Paperless-ngx + AI, onlyoffice, stirling-pdf, open-webui |
 | **Photo & ROM Library** | `docker-compose.photo-roms.yml` | Immich, syncthing, retrom |
-| **Utilities** | `docker-compose.utils.yml` | Gitea, tandoor, speedtest-tracker, rustdesk, redbot, linkwarden, neolink, iperf3 |
+| **Utilities** | `docker-compose.utils.yml` | Gitea, tandoor, speedtest-tracker, rustdesk, redbot, linkwarden, neolink, iperf3, ntfy, mailrise |
 
 ## Core Infrastructure Agents (infra.yml)
 
@@ -115,6 +115,14 @@ The infrastructure is split into 5 independent compose files sharing a common `.
 ### Discord Bots
 - **RedBot** - Discord bot with custom cogs (internal_net)
 
+### Notifications
+- **Ntfy** - Push notification service (port 8086)
+  - Token-based authentication
+  - Subscribable topics: alerts, backups, paperless
+- **Mailrise** - SMTP-to-ntfy bridge (port 8025)
+  - Converts email alerts into push notifications
+  - Works with any service that supports SMTP notifications
+
 ### Network Tools
 - **iperf3-server** - Network performance testing (port 5201)
 
@@ -173,6 +181,7 @@ Networks are defined in `docker-compose.infra.yml` and referenced as `external:
 ├── rustdesk/ (Remote desktop)
 ├── redbot/ (Discord bot)
 ├── stirling/ (PDF tools)
+├── ntfy/ (Notification configs)
 └── Various other service configs
 ```
 

README.md

@@ -14,7 +14,7 @@ The deployment is split into **5 independent compose stacks** sharing a common `
 | **Media** | `docker-compose.media.yml` | prowlarr, flaresolverr, qbittorrent, radarr, sonarr, lidarr, bazarr, seerr, jellyfin, slskd, metube, maloja, multi-scrobbler |
 | **Documents** | `docker-compose.documents.yml` | onlyoffice, paperless-ngx (db, broker, tika, gotenberg, webserver, ai), stirling-pdf, open-webui |
 | **Photo & ROM Library** | `docker-compose.photo-roms.yml` | immich (server, postgres, ml, redis), syncthing, retrom (db, adminer, service, jaeger) |
-| **Utilities** | `docker-compose.utils.yml` | gitea (server + db), tandoor (db + web), speedtest-tracker (app + db), rustdesk (hbbs + hbbr), redbot, iperf3-server, neolink, linkwarden (app + db + meilisearch) |
+| **Utilities** | `docker-compose.utils.yml` | gitea (server + db), tandoor (db + web), speedtest-tracker (app + db), rustdesk (hbbs + hbbr), redbot, iperf3-server, neolink, linkwarden (app + db + meilisearch), ntfy, mailrise |
 
 ## Architecture
 
@@ -58,6 +58,8 @@ The deployment is split into **5 independent compose stacks** sharing a common `
 | Utilities | iperf3-server | Network performance test | 5201 |
 | Utilities | Neolink | Reolink camera bridge | 8554 |
 | Utilities | Linkwarden | Bookmark manager | 3400 |
+| Utilities | Ntfy | Push notification service | 8086 |
+| Utilities | Mailrise | SMTP-to-ntfy notification bridge | 8025 |
 
 ### Network Segmentation
 
@@ -100,6 +102,7 @@ Networks are created by `infra.yml` and referenced as external by all other stac
 ├── surmai/
 ├── syncthing/
 ├── tandoor/
+├── ntfy/ (notification configs)
 ├── wud/
 └── .env (shared environment variables)
 ```

RESTORE.md

@@ -64,7 +64,7 @@ mkdir -p /docker/{immich,qBittorrent,paperless,stirling,syncthing,gitea}
 mkdir -p /docker/{speedtest-tracker,rustdesk,redbot,maloja,scrobble}
 mkdir -p /docker/{retrom/config,retrom/data}
 mkdir -p /docker/{wud,ntopng,slskd,npm/data,npm/letsencrypt,npm/mysql}
-mkdir -p /docker/{Homepage/config,neolink,tandoor,linkwarden}
+mkdir -p /docker/{Homepage/config,neolink,tandoor,linkwarden,ntfy}
 
 # Set correct permissions
 PUID=$(id -u)
@@ -84,9 +84,11 @@ docker volume create docker_dbdata
 docker volume create docker_aidata
 docker volume create docker_onlyoffice
 docker volume create docker_redisdata
+docker volume create ntfy_cache
+docker volume create ntfy_auth
 
 # Restore volume data
-for volume in portainer_data open-webui docker_dbdata docker_aidata docker_onlyoffice docker_redisdata; do
+for volume in portainer_data open-webui docker_dbdata docker_aidata docker_onlyoffice docker_redisdata ntfy_cache ntfy_auth; do
   if [ -f "/path/to/backup/volumes/${volume}.tar.gz" ]; then
     docker run --rm \
       -v ${volume}:/volume \

docker-compose.utils.yml

@@ -240,6 +240,31 @@ services:
     volumes:
       - ./linkwarden/meili_data:/meili_data
 
+  ntfy:
+    image: binwiederhier/ntfy
+    container_name: ntfy
+    restart: unless-stopped
+    networks:
+      - web_net
+    ports:
+      - "8086:8086"
+    volumes:
+      - ./ntfy:/etc/ntfy
+      - ntfy_cache:/var/cache/ntfy
+      - ntfy_auth:/var/lib/ntfy
+    command: serve
+    logging: *default-logging
+
+  mailrise:
+    image: yoryan/mailrise
+    container_name: mailrise
+    restart: unless-stopped
+    ports:
+      - "8025:8025"
+    volumes:
+      - ./ntfy/mailrise.yml:/etc/mailrise/mailrise.yml:ro
+    logging: *default-logging
+
 networks:
   web_net:
     name: web_net
@@ -250,3 +275,7 @@ networks:
   internal_net:
     name: internal_net
     external: true
+
+volumes:
+  ntfy_cache:
+  ntfy_auth:

ntfy/mailrise.yml

@@ -0,0 +1,13 @@
+smtp:
+  hostname: mailrise
+  port: 8025
+
+ntfy:
+  default:
+    url: http://ntfy:8086
+    token: tk_yourtokenhere
+
+configs:
+  alerts: alerts
+  backups: backups
+  paperless: paperless

ntfy/server.yml

@@ -0,0 +1,6 @@
+listen-http: ":8086"
+cache-file: "/var/cache/ntfy/cache.db"
+auth-file: "/var/lib/ntfy/auth.db"
+auth-default-access: "deny-all"
+behind-proxy: true
+base-url: "https://ntfy.kansaigaijin.com"