Switch to using an external Ntfy role

The newly extracted role also has native Traefik support, so we no longer need to rely on `matrix-nginx-proxy` for reverse-proxying to Ntfy. The new role uses port `80` inside the container (not `8080`, like before), because that's the default assumption of the officially published container image. Using a custom port (like `8080`), means the default healthcheck command (which hardcodes port `80`) doesn't work. Instead of fiddling to override the healthcheck command, we've decided to stick to the default port instead. This only affects the inside-the-container port, not any external ports. The new role also supports adding the network ranges of the container's multiple additional networks as "exempt hosts". Previously, only one network's address range was added to "exempt hosts".
2 years ago · 964aa0e84d
parent 38c4e464c1
commit 964aa0e84d
17 changed files with 78 additions and 258 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,14 @@
+# 2023-02-17
+
+## The matrix-ntfy role lives independently now
+
+**TLDR**: the `matrix-ntfy` role is now included from another repository. Some variables have been renamed. All functionality remains intact.
+
+The `matrix-ntfy` role (which configures [Ntfy](https://ntfy.sh/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/ntfy). This makes it possible to easily use it in other Ansible playbooks.
+
+You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`).
+
+
 # 2023-02-15

 ## The matrix-grafana role lives independently now
--- a/docs/configuring-playbook-ntfy.md
+++ b/docs/configuring-playbook-ntfy.md
@ -15,17 +15,20 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.

 ```yaml
 # Enabling it is the only required setting
-matrix_ntfy_enabled: true
+ntfy_enabled: true

-# Some other options
-matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
-matrix_ntfy_configuration_extension_yaml: |
-  log_level: DEBUG
+# This is the default hostname.
+# Uncomment the line below and change it, if you'd like.
+# matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
+
+# Uncomment and change to inject additional configuration options.
+# ntfy_configuration_extension_yaml: |
+#   log_level: DEBUG
 ```

-For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`.
+For a more complete list of variables that you could override, see the [`defaults/main.yml` file](https://gitlab.com/etke.cc/roles/ntfy/-/blob/main/defaults/main.yml) of the ntfy Ansible role.

-For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
+For a complete list of ntfy config options that you could put in `ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).


 ## Installing
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -326,7 +326,7 @@ devture_systemd_service_manager_services_list_auto: |
    +
    (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable') | list )
    +
-    ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
+    ([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else [])
    +
    ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else [])
    +
@ -2379,8 +2379,8 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_s

 matrix_nginx_proxy_proxy_matrix_enabled: true
 matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
-matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}"
-matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
+matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
+matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}"
 matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
 matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
@ -2389,9 +2389,9 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
 matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 matrix_nginx_proxy_proxy_jitsi_manage_wellknown: "{{ matrix_jitsi_require_well_known }}"

-matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled }}"
+matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
 matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
-matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
+matrix_nginx_proxy_proxy_ntfy_enabled: "{{ ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"

 matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
@ -2404,7 +2404,6 @@ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: "{{ matrix_e
 matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
-matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"

 matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -2486,7 +2485,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
    +
    (['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
    +
-    (['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
+    ([(ntfy_identifier + '.service')] if ntfy_enabled else [])
    +
    (['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
    +
@ -2523,7 +2522,7 @@ matrix_ssl_domains_to_obtain_certificates_for: |
    +
    ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
    +
-    ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
+    ([ntfy_hostname] if ntfy_enabled else [])
    +
    (matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else [])
    +
@ -2886,17 +2885,39 @@ matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_b

 ######################################################################
 #
-# matrix-ntfy
+# etke/ntfy
 #
 ######################################################################

-matrix_ntfy_enabled: false
+ntfy_enabled: false

-matrix_ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
+ntfy_identifier: matrix-ntfy
+
+ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
+
+ntfy_uid: "{{ matrix_user_uid }}"
+ntfy_gid: "{{ matrix_user_gid }}"
+
+ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
+
+ntfy_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else ntfy_identifier }}"
+
+ntfy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
+
+ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
+
+ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
+ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+
+ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
+  {{
+    [matrix_server_fqn_matrix]
+  }}

 ######################################################################
 #
-# /matrix-ntfy
+# /etky/ntfy
 #
 ######################################################################

--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
@ -105,7 +105,7 @@
    - custom/matrix-etherpad
    - custom/matrix-email2matrix
    - custom/matrix-sygnal
-    - custom/matrix-ntfy
+    - galaxy/ntfy
    - custom/matrix-nginx-proxy
    - custom/matrix-coturn
    - custom/matrix-aux
--- a/requirements.yml
+++ b/requirements.yml
@ -42,6 +42,9 @@
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
  version: v9.3.6-1

+- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
+  version: v2.0.0-0
+
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
  version: fb09fd26f877372417d5586f1e79e83f983f0bd6

--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@ -91,11 +91,6 @@ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname: "{{ matrix_se
 matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
 matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname }}`)"

-matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: false
-matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
-matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}"
-matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname }}`)"
-
 # matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
 # See `../templates/labels.j2` for details.
 #
--- a/roles/custom/matrix-nginx-proxy/templates/labels.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2
@ -109,18 +109,6 @@ traefik.http.routers.matrix-nginx-proxy-sygnal.entrypoints={{ matrix_nginx_proxy
 {% endif %}


-{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled %}
-# ntfy
-traefik.http.routers.matrix-nginx-proxy-ntfy.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule }}
-traefik.http.routers.matrix-nginx-proxy-ntfy.service=matrix-nginx-proxy-web
-traefik.http.routers.matrix-nginx-proxy-ntfy.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls | to_json }}
-{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls %}
-traefik.http.routers.matrix-nginx-proxy-ntfy.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }}
-{% endif %}
-traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }}
-{% endif %}
-
-
 traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080

 {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %}
--- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
@ -21,7 +21,7 @@
 		{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
-			set $backend "matrix-ntfy:8080";
+			set $backend "matrix-ntfy:80";
 			proxy_pass http://$backend;
 		{% else %}
 			{# Generic configuration for use outside of our container setup #}
--- a/roles/custom/matrix-ntfy/defaults/main.yml
+++ b/roles/custom/matrix-ntfy/defaults/main.yml
@ -1,56 +0,0 @@
---
-# Project source code URL: https://github.com/binwiederhier/ntfy
-
-matrix_ntfy_enabled: true
-
-matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
-matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
-matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
-
-matrix_ntfy_version: v2.0.0
-matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
-matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
-
-# Public facing base URL of the ntfy service
-matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}"
-
-# Rate limits
-
-matrix_ntfy_global_topic_limit: 15000  # default
-matrix_ntfy_visitor_subscription_limit: 30  # default
-matrix_ntfy_visitor_request_limit_burst: 60  # default
-matrix_ntfy_visitor_request_limit_replenish: "5s"  # default
-
-
-# Controls whether the container exposes its HTTP port (tcp/80 in the container).
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:2586"), or empty string to not expose.
-matrix_ntfy_container_http_host_bind_port: ''
-
-# A list of extra arguments to pass to the container (`docker run` command)
-matrix_ntfy_container_extra_arguments: []
-
-# Controls whether the self-check feature should validate SSL certificates.
-matrix_ntfy_self_check_validate_certificates: true
-
-# Default ntfy configuration template which covers the generic use case.
-# You can customize it by controlling the various variables inside it.
-#
-# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`)
-# or completely replace this variable with your own template.
-matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}"
-
-matrix_ntfy_configuration_extension_yaml: |
-  # Your custom YAML configuration for ntfy goes here.
-  # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`).
-  #
-  # You can override individual variables from the default configuration, or introduce new ones.
-  #
-  # If you need something more special, you can take full control by
-  # completely redefining `matrix_ntfy_configuration_yaml`.
-
-matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml | from_yaml if matrix_ntfy_configuration_extension_yaml | from_yaml is mapping else {} }}"
-
-# Holds the final ntfy configuration (a combination of the default and its extension).
-# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`.
-matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml | from_yaml | combine(matrix_ntfy_configuration_extension, recursive=True) }}"
--- a/roles/custom/matrix-ntfy/tasks/main.yml
+++ b/roles/custom/matrix-ntfy/tasks/main.yml
@ -1,23 +0,0 @@
---
-
- block:
-    - when: matrix_ntfy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-  tags:
-    - setup-all
-    - setup-ntfy
-    - install-all
-    - install-ntfy
-
- block:
-    - when: not matrix_ntfy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
-  tags:
-    - setup-all
-    - setup-ntfy
-
- block:
-    - when: matrix_ntfy_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
-  tags:
-    - self-check
--- a/roles/custom/matrix-ntfy/tasks/self_check.yml
+++ b/roles/custom/matrix-ntfy/tasks/self_check.yml
@ -1,27 +0,0 @@
---
-
-# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax.
-# Expect an empty response (because we query 'since=1s').
-
- ansible.builtin.set_fact:
-    matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s"
-
- name: Check ntfy
-  ansible.builtin.uri:
-    url: "{{ matrix_ntfy_url_endpoint_public }}"
-    follow_redirects: none
-    validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}"
-  register: matrix_ntfy_self_check_result
-  check_mode: false
-  ignore_errors: true
-  delegate_to: 127.0.0.1
-  become: false
-
- name: Fail if ntfy not working
-  ansible.builtin.fail:
-    msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}"
-  when: "matrix_ntfy_self_check_result.failed"
-
- name: Report working ntfy
-  ansible.builtin.debug:
-    msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)"
--- a/roles/custom/matrix-ntfy/tasks/setup_install.yml
+++ b/roles/custom/matrix-ntfy/tasks/setup_install.yml
@ -1,38 +0,0 @@
---
-
- name: Ensure matrix-ntfy image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_ntfy_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}"
-  register: result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: result is not failed
-
- name: Ensure matrix-ntfy paths exists
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-  with_items:
-    - "{{ matrix_ntfy_base_path }}"
-    - "{{ matrix_ntfy_config_dir_path }}"
-    - "{{ matrix_ntfy_data_path }}"
-
- name: Ensure matrix-ntfy config installed
-  ansible.builtin.copy:
-    content: "{{ matrix_ntfy_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_ntfy_config_dir_path }}/server.yml"
-    mode: 0644
-    owner: "{{ matrix_user_username }}"
-    group: "{{ matrix_user_groupname }}"
-
- name: Ensure matrix-ntfy.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
-    mode: 0644
--- a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml
@ -1,25 +0,0 @@
---
-
- name: Check existence of matrix-ntfy service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
-  register: matrix_ntfy_service_stat
-
- when: matrix_ntfy_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-ntfy is stopped
-      ansible.builtin.service:
-        name: matrix-ntfy
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-ntfy.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service"
-        state: absent
-
-    - name: Ensure matrix-ntfy path doesn't exist
-      ansible.builtin.file:
-        path: "{{ matrix_ntfy_base_path }}"
-        state: absent
--- a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
+++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2
@ -1,11 +0,0 @@
-base_url: {{ matrix_ntfy_base_url }}
-behind_proxy: true
-cache_file: /data/cache.db
-listen-http: :8080
-
-# Rate Limits
-global-topic-limit: {{ matrix_ntfy_global_topic_limit | to_json }}
-visitor-subscription-limit: {{ matrix_ntfy_visitor_subscription_limit | to_json }}
-
-visitor-request-limit-burst: {{ matrix_ntfy_visitor_request_limit_burst | to_json }}
-visitor-request-limit-replenish: "{{ matrix_ntfy_visitor_request_limit_replenish }}"
--- a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
+++ b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
@ -1,39 +0,0 @@
-#jinja2: lstrip_blocks: "True"
-[Unit]
-Description=matrix-ntfy
-After=docker.service
-Requires=docker.service
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
-
-ExecStart={{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--read-only \
-			--env NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS={{matrix_server_fqn_matrix}},localhost,$(docker network inspect {{matrix_docker_network}} -f "{% raw %}{{ (index .IPAM.Config 0).Subnet }}{% endraw %}") \
-			{% for arg in matrix_ntfy_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			--network={{ matrix_docker_network }} \
-			{% if matrix_ntfy_container_http_host_bind_port %}
-			-p {{ matrix_ntfy_container_http_host_bind_port }}:8080 \
-			{% endif %}
-			--mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \
-			--mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \
-			{{ matrix_ntfy_docker_image }} \
-			serve'
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-ntfy
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/custom/matrix_playbook_migration/defaults/main.yml
+++ b/roles/custom/matrix_playbook_migration/defaults/main.yml
@ -11,3 +11,6 @@ matrix_playbook_migration_matrix_backup_borg_migration_validation_enabled: true

 # Controls if (`matrix_grafana` -> `grafana`) validation will run.
 matrix_playbook_migration_matrix_grafana_migration_validation_enabled: true
+
+# Controls if (`matrix_ntfy` -> `ntfy`) validation will run.
+matrix_playbook_migration_matrix_ntfy_migration_validation_enabled: true
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@ -82,7 +82,7 @@
      when: "matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars | length > 0"

 - when: matrix_playbook_migration_matrix_backup_borg_migration_validation_enabled | bool
-  block:
+  block:ntfy
    - ansible.builtin.set_fact:
        matrix_playbook_migration_backup_borg_migration_vars: |-
          {{ vars | dict2items | selectattr('key', 'match', 'matrix_backup_borg_.*') | list | items2dict }}
@ -110,3 +110,18 @@
          Please change your configuration (vars.yml) to rename all variables (`matrix_grafana_` -> `grafana_`).
          We found usage of the following variables: {{ matrix_playbook_migration_grafana_migration_vars.keys() | join(', ') }}
      when: "matrix_playbook_migration_grafana_migration_vars | length > 0"
+
+- when: matrix_playbook_migration_matrix_ntfy_migration_validation_enabled | bool
+  block:
+    - ansible.builtin.set_fact:
+        matrix_playbook_migration_ntfy_migration_vars: |-
+          {{ vars | dict2items | selectattr('key', 'match', 'matrix_ntfy_.*') | list | items2dict }}
+
+    - name: (Deprecation) Catch and report matrix_ntfy variables
+      ansible.builtin.fail:
+        msg: >-
+          The matrix-ntfy role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/ntfy.
+          The new role is compatible with the old one, but uses different names for its variables.
+          Please change your configuration (vars.yml) to rename all variables (`matrix_ntfy_` -> `ntfy_`).
+          We found usage of the following variables: {{ matrix_playbook_migration_ntfy_migration_vars.keys() | join(', ') }}
+      when: "matrix_playbook_migration_ntfy_migration_vars | length > 0"