matrix-docker-ansible-deploy

Ntfy: add auth support

Open aine-etke opened this issue 2 years ago • 5 comments

Is your feature request related to a problem? Please describe. Current ntfy implementation doesn't enforce auth, so literally anybody can use a ntfy server installed with the playbook

Describe the solution you'd like Provide a way to configure auth, ref: https://unifiedpush.org/users/distributors/ntfy/#limit-access-to-some-users and https://ntfy.sh/docs/config/#users-and-roles

Describe alternatives you've considered N/A

Additional context https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/e4cbdd56d850ebaedcd85d201a1cdb1a71437621

aine-etke avatar Jul 05 '22 10:07 aine-etke

ping @julianfoad

aine-etke avatar Jul 05 '22 10:07 aine-etke

When I try to add a user, I get this:

docker exec matrix-ntfy ntfy user list 
option auth-file not set; auth is unconfigured for this server

I think the auth file is set in the main.yml, but I found no variable.

I had a look here: https://ntfy.sh/docs/config/?h=auth+file#access-control-list-acl The file must exist at "/var/lib/ntfy/user.db"

Maybe auth-file: "/var/lib/ntfy/auth.db" helps?

Happyfeet01 avatar Jul 10 '22 13:07 Happyfeet01

Just curious... But anybody figured out how to put any authentication to ntfy in the meantime?

mygitcrazy avatar Oct 08 '22 19:10 mygitcrazy

Hey, I enabled basic auth, although it is a bit limited due to UnifiedPush, which does not support ntfy's auth system. Basically, my ntfy instance is secured such that only authenticated users can read/publish to any topic and, in addition, anyone can write to UnifiedPush topics (topics which start with "up").

I basically followed: https://unifiedpush.org/users/distributors/ntfy/

I added the following to my vars.yml for the playbook:

matrix_ntfy_container_extra_arguments:
  - '--mount type=bind,src=/matrix/ntfy/databases,dst=/var/lib/ntfy'
  
matrix_ntfy_configuration_extension_yaml: |
  web-root: disable
  log_level: DEBUG
  auth-file: "/var/lib/ntfy/user.db"
  auth-default-access: "deny-all"

Afterwards, I opened a shell (docker exec -it ID_OF_NTFY_DOCKER sh) and added a ntfy admin user and the access rule for UnifiedPush.

tommes0815 avatar Nov 28 '22 11:11 tommes0815
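
The two manual steps from the comment above, written out as shell functions, followed by an outside check that anonymous clients can publish to up* topics and do nothing else. This is an added example, not part of the original comment: the function names, the probe topic names and the ADMIN_NAME / NTFY_HOSTNAME placeholders are assumptions, and the ntfy subcommands are the ones from the ntfy and UnifiedPush documentation linked in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). matrix-ntfy is the container name used
# in the thread; the admin name and base URL are supplied by the caller.
NTFY_CONTAINER="${NTFY_CONTAINER:-matrix-ntfy}"

# Run the ntfy CLI inside the container; -it because "user add" prompts for a password.
ntfy_cli() { docker exec -it "$NTFY_CONTAINER" ntfy "$@"; }

# One-time setup: an admin user plus the UnifiedPush rule (anyone may publish to up*).
setup_auth() {
    ntfy_cli user add --role=admin "$1" &&
    ntfy_cli access everyone 'up*' write-only &&
    ntfy_cli access    # print the resulting ACL for review
}

# HTTP status code of an unauthenticated request (extra args go to curl).
anon_status() { curl -s -o /dev/null -w '%{http_code}' "$@"; }

is_2xx() { case "$1" in 2??) return 0 ;; *) return 1 ;; esac; }

# Check the policy from outside: anonymous clients may publish to up* topics
# and nothing else. Prints one line per violation and returns non-zero if any.
verify_anon_access() {
    base="$1"; rc=0
    s=$(anon_status -d probe "$base/upAuthProbe")
    is_2xx "$s" || { echo "FAIL: anonymous publish to up* rejected ($s)"; rc=1; }
    s=$(anon_status -d probe "$base/authprobe")
    is_2xx "$s" && { echo "FAIL: anonymous publish to non-up topic accepted ($s)"; rc=1; }
    for topic in authprobe upAuthProbe; do
        s=$(anon_status "$base/$topic/json?poll=1")
        is_2xx "$s" && { echo "FAIL: anonymous read of $topic accepted ($s)"; rc=1; }
    done
    return "$rc"
}

# Usage (placeholders):
#   setup_auth ADMIN_NAME
#   verify_anon_access https://NTFY_HOSTNAME
```

A server that still has no auth-file configured accepts every request in the check, so verify_anon_access reports three failures against it.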

Thanks for the clear explanation and write up on how you did that. Very much appreciated 🙏 👍

mygitcrazy avatar Nov 28 '22 11:11 mygitcrazy