From 45d57b9b30f3e5b0851ba5877131f235d37a8950 Mon Sep 17 00:00:00 2001
From: Brian Lee <git@blee.tube>
Date: Mon, 29 May 2023 09:34:09 -0700
Subject: [PATCH] Set up systemd service unit.

---
 defaults/main.yml               |  6 ++-
 files/ntfy-alertmanager.service | 12 +++++
 tasks/main.yml                  | 27 ++++++++++
 templates/config.j2             | 87 +++++++++++++++++++++++++++++++++
 4 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 files/ntfy-alertmanager.service
 create mode 100644 templates/config.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index b442d3c..e9601b4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,6 @@
 ---
-ntfy_alertmanager_version: v0.2.0
\ No newline at end of file
+ntfy_alertmanager_version: v0.2.0
+ntfy_alertmanager_base_url: http://127.0.0.1:8080
+ntfy_alertmanager_http_address: "127.0.0.1:8080"
+ntfy_alertmanager_topic_name: alertmanager-alerts
+ntfy_base_url: http://localhost
\ No newline at end of file
diff --git a/files/ntfy-alertmanager.service b/files/ntfy-alertmanager.service
new file mode 100644
index 0000000..55f9b1b
--- /dev/null
+++ b/files/ntfy-alertmanager.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ntfy-alertmanager server
+After=network.target
+Wants=ntfy.service
+
+[Service]
+User=ntfy
+Group=ntfy
+ExecStart=/usr/local/bin/ntfy-alertmanager
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index ad85f14..83770e2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,4 +23,31 @@
     remote_src: true
     src: "{{ ansible_env.HOME }}/src/ntfy-alertmanager/ntfy-alertmanager"
     dest: /usr/local/bin/
+    mode: 0755
+  become: true
+
+- name: Ensure configuration directory for ntfy-alertmanager
+  ansible.builtin.file:
+    path: /etc/ntfy-alertmanager
+    state: directory
+    mode: 0755
+  become: true
+
+- name: Configure ntfy-alertmanager
+  ansible.builtin.template:
+    src: config.j2
+    dest: /etc/ntfy-alertmanager/config
+  become: true
+
+- name: Copy systemd service file for ntfy-alertmanager
+  ansible.builtin.copy:
+    src: ntfy-alertmanager.service
+    dest: /etc/systemd/system/ntfy-alertmanager.service
+  become: true
+
+- name: Ensure ntfy-alertmanager service is enabled
+  ansible.builtin.service:
+    name: ntfy-alertmanager
+    enabled: true
+    state: started
   become: true
\ No newline at end of file
diff --git a/templates/config.j2 b/templates/config.j2
new file mode 100644
index 0000000..656025d
--- /dev/null
+++ b/templates/config.j2
@@ -0,0 +1,87 @@
+# Public facing base URL of the service (e.g. https://ntfy-alertmanager.xenrox.net)
+# This setting is required for the "Silence" feature.
+base-url {{ ntfy_alertmanager_base_url }}
+# http listen address
+http-address {{ ntfy_alertmanager_http_address }}
+# Log level (either debug, info, warning, error)
+log-level info
+# When multiple alerts are grouped together by Alertmanager, they can either be sent
+# each on their own (single mode) or be kept together (multi mode) (either single or multi; default is single)
+alert-mode single
+# Optionally protect with HTTP basic authentication
+#user webhookUser
+#password webhookPass
+
+labels {
+    order "severity,instance"
+
+#   severity "critical" {
+#       priority 5
+#       tags "rotating_light"
+#       icon "https://foo.com/critical.png"
+#       # Forward messages which severity "critical" to the specified email address.
+#       email-address foo@bar.com
+#   }
+
+    severity "info" {
+        priority 1
+    }
+
+#   instance "example.com" {
+#       tags "computer,example"
+#   }
+}
+
+# Settings for resolved alerts
+#resolved {
+#    tags "resolved,partying_face"
+#    icon "https://foo.com/resolved.png"
+#}
+
+ntfy {
+    # URL of the ntfy topic - required
+    topic {{ ntfy_base_url }}/{{ ntfy_alertmanager_topic_name }}
+    # ntfy authentication via Basic Auth (https://docs.ntfy.sh/publish/#username-password)
+#   user user
+#   password pass
+    # ntfy authentication via access tokens (https://docs.ntfy.sh/publish/#access-tokens)
+    # Either access-token or a user/password combination can be used - not both.
+#   access-token foobar
+    # Forward all messages to the specified email address.
+#   email-address foo@bar.com
+}
+
+alertmanager {
+    # If set, the ntfy message will contain a "Silence" button, which can be used
+    # to create a silence via the Alertmanager API. Because of limitations in ntfy,
+    # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
+    # needs to be exposed to external network requests and base-url has to be set.
+    #
+    # When alert-mode is set to "single" all alert labels will be used to create the silence.
+    # When it is "multi" common labels between all the alerts will be used. WARNING: This
+    # could silence unwanted alerts.
+    silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+#   user user
+#   password pass
+    # By default the Alertmanager URL gets parsed from the webhook. In case that
+    # Alertmanger is not reachable under that URL, it can be overwritten here.
+#   url https://alertmanager.xenrox.net
+}
+
+# When the alert-mode is set to single, ntfy-alertmanager will cache each single alert
+# to avoid sending recurrences.
+cache {
+    # The type of cache that will be used (either memory or redis; default is memory).
+    type memory
+    # How long messages stay in the cache for
+    duration 24h
+
+    # Memory cache settings
+    # Interval in which the cache is cleaned up
+    cleanup-interval 1h
+
+    # Redis cache settings
+    # URL to connect to redis (default: redis://localhost:6379)
+#   redis-url redis://user:password@localhost:6789/3
+}
\ No newline at end of file