author | Mike Iversen <miversen33@gmail.com> | 2023-09-12 07:28:52 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-12 15:28:52 +0300 |
commit | 13e6354d3d803112beef003bf0a3210474b5dfdd (patch) | |
tree | e765326bcfd3d7e72ae733c3abb77da6df4a2c4d /health | |
parent | ef48d88a118188f6cb4f6a00172d782a2eba8e8c (diff) |
feat: Adds access control configuration for ntfy (#15932)
Co-authored-by: ilyam8 <ilya@netdata.cloud>
Diffstat (limited to 'health')
-rwxr-xr-x | health/notifications/alarm-notify.sh.in | 14 |
-rwxr-xr-x | health/notifications/health_alarm_notify.conf | 9 |
-rw-r--r-- | health/notifications/ntfy/README.md | 33 |
-rw-r--r-- | health/notifications/ntfy/metadata.yaml | 21 |
4 files changed, 77 insertions, 0 deletions
diff --git a/health/notifications/alarm-notify.sh.in b/health/notifications/alarm-notify.sh.in index e8dfe45d0d..73a767e699 100755 --- a/health/notifications/alarm-notify.sh.in +++ b/health/notifications/alarm-notify.sh.in @@ -2450,9 +2450,23 @@ send_ntfy() { *) priority="default" ;; esac + # Adding ntfy header generation logic + # Heavily inspired by https://github.com/nickexyz/ntfy-shellscripts/blob/main/sabnzbd.sh + tmp_header="" + if [[ -n "${NTFY_USERNAME}" ]] && [[ -n "${NTFY_PASSWORD}" ]]; then + ntfy_base64=$( echo -n "$NTFY_USERNAME:$NTFY_PASSWORD" | base64 ) + tmp_header="Authorization: Basic ${ntfy_base64}" + elif [ -n "${NTFY_ACCESS_TOKEN}" ]; then + tmp_header="Authorization: Bearer ${NTFY_ACCESS_TOKEN}" + fi + ntfy_auth_header=() + if [ -n "${tmp_header}" ]; then + ntfy_auth_header=("-H" "${tmp_header}") + fi for recipient in ${recipients}; do msg="${host} ${status_message}: ${alarm} - ${info}" httpcode=$(docurl -X POST \ + "${ntfy_auth_header[@]}" \ -H "Icon: https://raw.githubusercontent.com/netdata/netdata/master/web/gui/dashboard/images/favicon-196x196.png" \ -H "Title: ${host}: ${name//_/ }" \ -H "Tags: ${emoji}" \ diff --git a/health/notifications/health_alarm_notify.conf b/health/notifications/health_alarm_notify.conf index ddbb8ab59c..eb93246770 100755 --- a/health/notifications/health_alarm_notify.conf +++ b/health/notifications/health_alarm_notify.conf @@ -860,6 +860,15 @@ DEFAULT_RECIPIENT_MATRIX="" # enable/disable sending ntfy notifications SEND_NTFY="YES" +# optional NTFY username +NTFY_USERNAME="" + +# optional NTFY password +NTFY_PASSWORD="" + +# optional NTFY access token +NTFY_ACCESS_TOKEN="" + # if a role's recipients are not configured, a notification will be sent to # this ntfy server / topic combination (empty = do not send a notification for # unconfigured roles). diff --git a/health/notifications/ntfy/README.md b/health/notifications/ntfy/README.md index b37a0db7e6..b2875ad081 100644 --- a/health/notifications/ntfy/README.md 
+++ b/health/notifications/ntfy/README.md @@ -17,6 +17,7 @@ This is what you will get: You will need: - (Optional) A [self-hosted ntfy server](https://docs.ntfy.sh/faq/#can-i-self-host-it), in case you don't want to use https://ntfy.sh +- (Optional) [Credentials](https://docs.ntfy.sh/config/?h=token#access-control) to publish to a private topic - A new [topic](https://ntfy.sh/#subscribe) for the notifications to be published to - terminal access to the Agent you wish to configure 
@@ -39,6 +40,38 @@ Edit `health_alarm_notify.conf`, changes to this file do not require restarting You can define multiple recipient URLs like this: `https://SERVER1/TOPIC1 https://SERVER2/TOPIC2` All roles will default to this variable if it is not configured. +> ### Authentication +> If you have access to a self hosted instance of ntfy, you can send notifications to private topics provided you have valid credentials to do so +> + +An example of a working configuration utilizing username `netdata` and password `PASSWORD` and a private topic `netdata` on `YOUR_PRIVATE_INSTANCE` would be: + +```conf +SEND_NFTY="YES" +DEFAULT_RECIPIENT_NTFY="https://YOUR_PRIVATE_INSTANCE/netdata" +NTFY_USERNAME="netdata" +NTFY_PASSWORD="PASSWORD" +``` + +> ### Note +> Be sure that user `netdata` has `rw` permissions for the topic `netdata` +> + +An example of a working configuration utilizing token `f650986d-566b-45c0-9a63-5ca394dce359` geneated by ntfy for user `netdata` would be: + +```conf +SEND_NFTY="YES" +DEFAULT_RECIPIENT_NTFY="https://YOUR_PRIVATE_INSTANCE/netdata" +NTFY_ACCESS_TOKEN="f650986d-566b-45c0-9a63-5ca394dce359" +``` + +> ### Note +> Tokens are generated by ntfy. You will need to utilize a token provided by ntfy. **Do not specify a custom token here** +> +> Ensure the user `netdata` has `rw` permission for the topic `netdata` +> +> If a token and username/password credentials are provided, the token will be used as opposed to the username/password credentials + > ### Warning > All topics published on https://ntfy.sh are public, so anyone can subscribe to them and follow your notifications. To avoid that, ensure the topic is unique enough using a long, randomly generated ID, like in the following examples. > diff --git a/health/notifications/ntfy/metadata.yaml b/health/notifications/ntfy/metadata.yaml index cde57fd4d2..0d6c0beac6 100644 --- a/health/notifications/ntfy/metadata.yaml +++ b/health/notifications/ntfy/metadata.yaml 
@@ -53,6 +53,27 @@ role_recipients_ntfy[proxyadmin]="https://SERVER5/TOPIC5" role_recipients_ntfy[sitemgr]="https://SERVER6/TOPIC6" ``` + - name: 'NTFY_USERNAME' + default_value: '' + description: "The username for netdata to use to authenticate with an ntfy server." + required: false + detailed_description: | + Only useful on self-hosted ntfy instances. See [users and roles](https://docs.ntfy.sh/config/#users-and-roles) for details. + Ensure that your user has proper read/write access to the provided topic in `DEFAULT_RECIPIENT_NTFY` + - name: 'NTFY_PASSWORD' + default_value: '' + description: "The password for netdata to use to authenticate with an ntfy server." + required: false + detailed_description: | + Only useful on self-hosted ntfy instances. See [users and roles](https://docs.ntfy.sh/config/#users-and-roles) for details. + Ensure that your user has proper read/write access to the provided topic in `DEFAULT_RECIPIENT_NTFY` + - name: 'NTFY_ACCESS_TOKEN' + default_value: '' + description: "The access token for netdata to use to authenticate with an ntfy server." + required: false + detailed_description: | + This can be used in place of `NTFY_USERNAME` and `NTFY_PASSWORD` to authenticate with a self-hosted ntfy instance. See [access tokens](https://docs.ntfy.sh/config/?h=access+to#access-tokens) for details. + Ensure that the token user has proper read/write access to the provided topic in `DEFAULT_RECIPIENT_NTFY` examples: folding: enabled: true |
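
Review bot: in the `send_ntfy()` hunk of alarm-notify.sh.in, `"${ntfy_auth_header[@]}"` is passed inside `for recipient in ${recipients}`, so the single global credential is sent to every recipient URL, and the README context in this same patch shows that recipients may span servers (`https://SERVER1/TOPIC1 https://SERVER2/TOPIC2`), with nothing here requiring an `https://` URL. Consider attaching the header only to recipients on the server the credentials belong to, or at least documenting that every recipient must be on that instance. Separately, `echo -n "$NTFY_USERNAME:$NTFY_PASSWORD" | base64` wraps its output at 76 columns with GNU coreutils, so a username and password longer than 57 bytes together put a newline into the header value; `printf '%s' "..." | base64 | tr -d '\n'` avoids that and the non-portable `echo -n`.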
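
Review bot: in the health_alarm_notify.conf hunk the three new comments say only "optional" and leave out that `NTFY_USERNAME` and `NTFY_PASSWORD` take effect only when both are non-empty (the `[[ -n "${NTFY_USERNAME}" ]] && [[ -n "${NTFY_PASSWORD}" ]]` test in `send_ntfy()`), so a username set without a password is silently ignored. Suggest stating that in the comments, together with which credential is used when all three are set. The file is tracked with mode 100755 and now holds a password or token in plain text, so a comment line reminding the admin to restrict read access on the installed copy would also help.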
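
Review bot: in the README.md Authentication hunk, the last note ("If a token and username/password credentials are provided, the token will be used") contradicts the script hunk, where the username/password branch is the `if` and the token is only the `elif`, so Basic auth wins when all three are set. Either swap the branches in `send_ntfy()` or reverse the sentence. Both `conf` examples also set `SEND_NFTY="YES"`, while the variable in health_alarm_notify.conf is `SEND_NTFY`, so a copied example would not set the intended option; "geneated" should read "generated".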
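
Review bot: in the metadata.yaml hunk, each `detailed_description` asks for access to the topic in `DEFAULT_RECIPIENT_NTFY` only, but the context lines just above (`role_recipients_ntfy[proxyadmin]`, `role_recipients_ntfy[sitemgr]`) are also publish targets that receive the same header, so the text should cover every configured recipient topic. The script only publishes (the `-X POST` call), so write access should be enough; if ntfy's write-only permission fits, recommending it over "read/write" keeps this credential from being usable to read the alerts.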