Set up a unix domain socket.

README.md

@@ -24,4 +24,8 @@ For more configuration info, see the upstream [configuration docs](https://docs.
   roles:
     - role: bleetube.ntfy
       become: true
-```
+```
+
+## Resources
+
+* binwiederhier publishes the [configuration for his production server](https://github.com/binwiederhier/ntfy-ansible/blob/main/roles/ntfy/templates/server.yml.j2) in an Ansible playbook.

defaults/main.yml

@@ -3,4 +3,6 @@ ntfy_base_url: ''
 ntfy_listen_http: ":80"
 ntfy_cache_file: /var/cache/ntfy/cache.db
 ntfy_behind_proxy: 'true'
-ntfy_attachment_cache_dir: /var/cache/ntfy/attachments
+ntfy_attachment_cache_dir: /var/cache/ntfy/attachments
+ntfy_listen_unix: /run/ntfy/ntfy.sock
+ntfy_listen_unix_mode: '0666'

tasks/main.yml

@@ -9,6 +9,14 @@
     state: present
   when: ansible_os_family != 'Debian'
 
+- name: Ensure directory for ntfy domain sockets
+  ansible.builtin.file:
+    path: /var/run/ntfy
+    state: directory
+    owner: ntfy
+    group: ntfy
+    mode: '0755'
+
 - name: Ensure ntfy is enabled on boot
   ansible.builtin.service:
     name: ntfy

templates/server.yml.j2

@@ -25,8 +25,8 @@ listen-http: "{{ ntfy_listen_http }}"
 # Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
 # This can be useful to avoid port issues on local systems, and to simplify permissions.
 #
-# listen-unix: <socket-path>
+listen-unix: {{ ntfy_listen_unix }}
-# listen-unix-mode: <linux permissions, e.g. 0700>
+listen-unix-mode: {{ ntfy_listen_unix_mode }}
 
 # Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
 #