configpolicy/roles/ntfy/tasks/main.yml

- name: ensure ntfy system group exists
  group:
    name: ntfy
    system: true
    state: present
  tags:
  - user
  - group
- name: ensure ntfy system user exists
  user:
    name: ntfy
    group: ntfy
    system: true
    home: /var/lib/ntfy
    createhome: no
    state: present
  tags:
  - user

- name: ensure ntfy data directory exists
  file:
    path: /var/lib/ntfy
    mode: u=rwx,go=
    owner: ntfy
    group: ntfy
    state: directory
  tags:
  - datadir

- name: download ntfy archive
  become: false
  delegate_to: localhost
  get_url:
    url: '{{ ntfy_download_url }}'
    dest: roles/ntfy/files/{{ ntfy_archive_file }}
    checksum: sha256:{{ ntfy_archive_sha256 }}
  tags:
  - download
- name: extract ntfy archive
  become: false
  delegate_to: localhost
  unarchive:
    src: '{{ playbook_dir }}/roles/ntfy/files/{{ ntfy_archive_file }}'
    dest: '{{ playbook_dir }}/roles/ntfy/files'
    creates: roles/ntfy/files/{{ ntfy_archive_name }}/ntfy
    remote_src: true
  tags:
  - download
  - unarchive

- name: ensure ntfy is installed
  copy:
    src: roles/ntfy/files/{{ ntfy_archive_name }}/ntfy
    dest: /usr/local/bin/ntfy
    mode: u=rwx,go=rx
    owner: root
    group: root
  args:
    diff: false
  tags:
  - install

- name: ensure ntfy systemd unit is installed
  copy:
    src: ntfy.service
    dest: /etc/systemd/system/ntfy.service
    mode: u=rw,go=r
    owner: root
    group: root
  notify:
  - reload systemd
  tags:
  - systemd

- name: ensure ntfy configuration directory exists
  file:
    path: /etc/ntfy
    mode: u=rwx,g=rx,o=
    owner: root
    group: ntfy
    state: directory
  tags:
  - config
- name: ensure ntfy is configured
  copy:
    dest: /etc/ntfy/server.yml
    mode: u=rw,g=r,o=
    owner: root
    group: ntfy
    content: |
      {{ ntfy_config|to_nice_yaml }}      
  notify:
  - restart ntfy
  tags:
  - config

- name: ensure ntfy starts at boot
  service:
    name: ntfy
    enabled: true
  tags:
  - service
- name: flush handlers
  meta: flush_handlers
- name: ensure ntfy is running
  service:
    name: ntfy
    state: started
  tags:
  - service

- name: ensure selinux allows apache to proxy for ntfy
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true
  tags:
  - selinux
- name: ensure apache is configured to proxy for ntfy
  template:
    src: ntfy.httpd.conf.j2
    dest: /etc/httpd/conf.d/ntfy.conf
    mode: u=rw,go=r
    owner: root
    group: root
  notify:
  - reload httpd
  tags:
  - apache-config