49d2bca6fe
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/binwiederhier/ntfy](https://ntfy.sh/) ([source](https://redirect.github.com/binwiederhier/ntfy)) | minor | `f8a9b10` → `cfbbb1b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>binwiederhier/ntfy (docker.io/binwiederhier/ntfy)</summary> ### [`v2.25.0`](https://redirect.github.com/binwiederhier/ntfy/releases/tag/v2.25.0) [Compare Source](https://redirect.github.com/binwiederhier/ntfy/compare/v2.24.0...v2.25.0) This release adds **password reset** via email, and reworks email verification to use durable, link-based magic links (replacing the old in-memory 6-digit codes). Email stays optional at signup; a user can reset their password only once they have a verified "primary" (recovery)email. All of this work is probably not useful for self-hosters, but it hopefully will be useful for me, since I do have to reset accounts on a regular basis. **Security issues:** - Generate access tokens, IDs, and magic-link tokens with a cryptographically secure RNG (`crypto/rand`) instead of a clock-seeded PRNG **Features:** - Add password reset via emailed magic link, with a "Forgot password" link on the login page and a `ntfy user reset-pass` CLI command for admins - Rework email verification to use durable, single-use, expiring magic links instead of in-memory 6-digit codes, and add a "primary" email (used for account recovery and as the `X-Email: yes` target) with verified/unverified state in the account UI - You can now clear/read messages and delete messages with a GET request ([#​1771](https://redirect.github.com/binwiederhier/ntfy/issues/1771), thanks to [@​lemmi](https://redirect.github.com/lemmi) for reporting and to [@​wunter8](https://redirect.github.com/wunter8) for implementing) - Add a reload button to the web app's action bar when running as an installed PWA, which clears the service worker caches and hard-refreshes the app - Add a "Back to app" link to the web app's login, signup, and password-reset pages (alongside the existing links), which previously had no way back to the app **Bug fixes + maintenance:** - `X-Email: yes` (also `true`/`1`) now sends to your primary verified email regardless of the `smtp-sender-verify` setting (previously it was rejected unless verification was enabled); it requires being logged in with a verified address - Grant users full access to their own sync topic (`st_...`) so cross-device subscription sync works under `auth-default-access: deny-all` ([#​733](https://redirect.github.com/binwiederhier/ntfy/issues/733), [#​1795](https://redirect.github.com/binwiederhier/ntfy/pull/1795), thanks to [@​lmorchard](https://redirect.github.com/lmorchard) for the contribution) - Support HTTP (non-TLS) S3-compatible endpoints by preserving the endpoint scheme, e.g. for a local MinIO instance ([#​1794](https://redirect.github.com/binwiederhier/ntfy/pull/1794), [#​1734](https://redirect.github.com/binwiederhier/ntfy/issues/1734), thanks to [@​sskender](https://redirect.github.com/sskender) for the contribution, and [@​Kernald](https://redirect.github.com/Kernald) for reporting) - Stop silently stripping spaces from passwords while typing in the web app's login, signup, and password-reset forms ([#​1246](https://redirect.github.com/binwiederhier/ntfy/issues/1246), thanks to [@​aldem](https://redirect.github.com/aldem) for reporting) - Update web app dependencies, including major-version upgrades to Vite (6 -> 8, now Rolldown-based), Material UI (5 -> 9), and Dexie (3 -> 4) ([#​1800](https://redirect.github.com/binwiederhier/ntfy/pull/1800), [#​1764](https://redirect.github.com/binwiederhier/ntfy/pull/1764), [#​1767](https://redirect.github.com/binwiederhier/ntfy/pull/1767), [#​1762](https://redirect.github.com/binwiederhier/ntfy/pull/1762), [#​1766](https://redirect.github.com/binwiederhier/ntfy/pull/1766), [#​1765](https://redirect.github.com/binwiederhier/ntfy/pull/1765), thanks Dependabot) - Play notification sounds in the web app even when the Notification API is unavailable, e.g. over plain HTTP or in browsers without notification support ([#​1772](https://redirect.github.com/binwiederhier/ntfy/pull/1772), thanks to [@​mitya12342](https://redirect.github.com/mitya12342) for the contribution) - Stop escaping `<`, `>`, and `&` as `\u003c`/`\u003e`/`\u0026` in JSON responses ([#​1511](https://redirect.github.com/binwiederhier/ntfy/issues/1511), [#​1512](https://redirect.github.com/binwiederhier/ntfy/pull/1512), thanks to [@​wunter8](https://redirect.github.com/wunter8) for the contribution) - Fix the web app navbar not reflecting a topic reservation (lock icon, and "Reserve topic" -> "Change reservation"/"Remove reservation" menu) until a page reload, by persisting reservation and display-name changes onto already-subscribed topics during account sync - Reduce the web app's initial bundle size by \~300 KB (\~50 KB gzipped) by lazy-loading the emoji picker dataset and the Markdown renderer, and by importing Material UI icons individually </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9udGZ5IiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
105 lines
3.8 KiB
YAML
105 lines
3.8 KiB
YAML
# yaml-language-server: $schema=./values.schema.json
|
|
image:
|
|
repository: docker.io/binwiederhier/ntfy
|
|
tag: v2.25.0@sha256:cfbbb1bac9196cb711e29ef0ac4adaeb033be6235f1df857705dc39c14384a1d
|
|
pullPolicy: IfNotPresent
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 10222
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
mountPath: "/etc/ntfy"
|
|
cache:
|
|
enabled: true
|
|
mountPath: "/var/cache/ntfy"
|
|
configmap:
|
|
ntfy:
|
|
enabled: true
|
|
data:
|
|
# If a path is set, it enables this options. To disable set to empty path
|
|
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
|
|
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_CACHE_FILE }}'
|
|
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_AUTH_FILE }}'
|
|
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_FIREBASE_FILE }}'
|
|
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
probes:
|
|
liveness:
|
|
type: tcp
|
|
readiness:
|
|
type: tcp
|
|
startup:
|
|
type: tcp
|
|
args:
|
|
- "serve"
|
|
env:
|
|
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
|
|
# User Defined
|
|
NTFY_BASE_URL: "http://localhost:10222"
|
|
NTFY_BEHIND_PROXY: false
|
|
ENABLE_FIREBASE_FILE: false
|
|
ENABLE_CACHE_FILE: false
|
|
ENABLE_ATTACHMENT_CACHE_DIR: false
|
|
ENABLE_AUTH_FILE: false
|
|
NTFY_ENABLE_METRICS: "{{ .Values.metrics.main.enabled }}"
|
|
NTFY_UPSTREAM_BASE_URL: "https://ntfy.sh"
|
|
# NTFY_CACHE_DURATION: "12h"
|
|
# NTFY_KEEPALIVE_INTERVAL: "45s"
|
|
# NTFY_MANAGER_INTERVAL: "1m"
|
|
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
|
|
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
|
|
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
|
|
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
|
|
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
|
|
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
|
|
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
|
|
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
|
|
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
|
|
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
|
|
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
|
|
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
|
|
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
|
|
# NTFY_SMTP_SENDER_ADDR: ""
|
|
# NTFY_SMTP_SENDER_USER: ""
|
|
# NTFY_SMTP_SENDER_PASS: ""
|
|
# NTFY_SMTP_SENDER_FROM: ""
|
|
# NTFY_SMTP_SERVER_LISTEN: ""
|
|
# NTFY_SMTP_SERVER_DOMAIN: ""
|
|
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
|
|
envFrom:
|
|
- configMapRef:
|
|
name: "ntfy"
|
|
metrics:
|
|
main:
|
|
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
|
# @default -- See values.yaml
|
|
enabled: false
|
|
type: "servicemonitor"
|
|
endpoints:
|
|
- port: main
|
|
path: /metrics
|
|
# -- Enable and configure Prometheus Rules for the chart under this key.
|
|
# @default -- See values.yaml
|
|
prometheusRule:
|
|
enabled: false
|
|
labels: {}
|
|
# -- Configure additionial rules for the chart under this key.
|
|
# @default -- See prometheusrules.yaml
|
|
rules: []
|
|
# - alert: UnifiPollerAbsent
|
|
# annotations:
|
|
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
|
# summary: Unifi Poller is down.
|
|
# expr: |
|
|
# absent(up{job=~".*unifi-poller.*"} == 1)
|
|
# for: 5m
|
|
# labels:
|
|
# severity: critical
|