changed to custom ntfy config

zehe, 3 months ago
commit f79f0e53f0
8 changed files with 168 additions and 32 deletions
  1. README.md (+42, -20)
  2. config-production.json (+1, -0)
  3. config.json (+1, -0)
  4. config.py (+5, -0)
  5. emergency-access.service (+1, -1)
  6. install.sh (+15, -3)
  7. main.py (+20, -8)
  8. ntfy.yml (+83, -0)

+ 42 - 20
README.md

@@ -113,6 +113,7 @@ Edit `/etc/emergency-access/config.json`:
   "notifications": {
     "key_backends": ["matrix_sec", "pushover_emergency"],
     "health_backends": ["matrix_health"],
+    "config_path": "/etc/emergency-access/ntfy.yml",
     "key_message": "🚨 EMERGENCY: Decryption key accessed from server",
     "health_message": "✅ Emergency access server health check completed",
     "log_level": "WARNING",
@@ -136,8 +137,9 @@ Edit `/etc/emergency-access/config.json`:
 - `dummy_file`: Path to dummy content for health checks
 
 #### Notification Settings
-- `key_backends`: List of backend names from your global ntfy config for key access alerts
-- `health_backends`: List of backend names from your global ntfy config for health check notifications and all application logs
+- `key_backends`: List of backend names from `/etc/emergency-access/ntfy.yml` for key access alerts
+- `health_backends`: List of backend names from `/etc/emergency-access/ntfy.yml` for health check notifications and all application logs
+- `config_path`: Path to the ntfy configuration file (default: `/etc/emergency-access/ntfy.yml`)
 - `key_message`: Message sent when key is accessed
 - `health_message`: Message sent for health checks
 - `log_level`: Minimum log level to send to health backends ("INFO", "WARNING", "ERROR")
@@ -147,7 +149,7 @@ Edit `/etc/emergency-access/config.json`:
 - `matrix_sec`: Matrix backend for security alerts
 - `pushover_emergency`: Pushover backend for emergency notifications
 - `slack_critical`: Slack backend for critical alerts
-- Any backend name configured in your global `~/.ntfy.yml`
+- Any backend name configured in `/etc/emergency-access/ntfy.yml`
 
 ### Key and Dummy Files
 
@@ -167,27 +169,37 @@ Edit `/etc/emergency-access/config.json`:
 
 ## dschep/ntfy Backend Setup
 
-The system uses your existing global ntfy configuration. Simply reference your configured backend names in the emergency access configuration.
+The system uses a dedicated ntfy configuration file at `/etc/emergency-access/ntfy.yml`. Configure your notification backends in this file and reference them by name in the main configuration.
 
-### Using Your Existing Backends
+### Configuring Notification Backends
 
-1. **Check your global ntfy config** (typically `~/.ntfy.yml`):
+1. **Edit the dedicated ntfy config** (`/etc/emergency-access/ntfy.yml`):
    ```yaml
    backends:
      - matrix_sec
+     - matrix_health
      - pushover_emergency
    
    matrix_sec:
      backend: matrix
      url: https://your-matrix-server.com
-     roomId: "!emergency:your-matrix-server.com"
+     roomId: "!emergency-security:your-matrix-server.com"
      userId: "@emergency-bot:your-matrix-server.com"
-     password: "your-bot-password"
+     password: "your-matrix-bot-password"
+   
+   matrix_health:
+     backend: matrix
+     url: https://your-matrix-server.com
+     roomId: "!emergency-health:your-matrix-server.com"
+     userId: "@emergency-bot:your-matrix-server.com"
+     password: "your-matrix-bot-password"
    
    pushover_emergency:
      backend: pushover
      user_key: YOUR_PUSHOVER_USER_KEY
      priority: 2
+     retry: 60
+     expire: 3600
      sound: siren
    ```
 
@@ -195,28 +207,38 @@ The system uses your existing global ntfy configuration. Simply reference your c
    ```json
    "notifications": {
      "key_backends": ["matrix_sec", "pushover_emergency"],
-     "health_backends": ["matrix_sec"]
+     "health_backends": ["matrix_health"],
+     "config_path": "/etc/emergency-access/ntfy.yml"
    }
    ```
 
-### Adding New Backends
+### Adding Additional Backends
 
-If you need additional backends for emergency access, add them to your global ntfy config:
+Add more backends to `/etc/emergency-access/ntfy.yml` as needed:
 
 ```yaml
-# Add to your ~/.ntfy.yml
+# Additional backends in /etc/emergency-access/ntfy.yml
 backends:
   - matrix_sec
+  - matrix_health
   - pushover_emergency
   - slack_critical
+  - email_emergency
 
 slack_critical:
   backend: slack
   token: YOUR_SLACK_BOT_TOKEN
   recipient: "#emergency-alerts"
-```
 
-Then reference them in the emergency access configuration.
+email_emergency:
+  backend: email
+  smtp_server: smtp.gmail.com
+  smtp_port: 587
+  username: your-email@gmail.com
+  password: your-app-password
+  to: emergency-team@company.com
+  from: emergency-access@company.com
+```
 
 ## Service Management
 
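Review bot: deleting `Then reference them in the emergency access configuration.` at the end of this hunk removes the only sentence telling readers that a backend added to `/etc/emergency-access/ntfy.yml` still has to be listed in `key_backends` or `health_backends` in config.json before anything is sent through it; keep that sentence after the fenced block, or fold it into the lead line `Add more backends to /etc/emergency-access/ntfy.yml as needed:`.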
@@ -369,13 +391,13 @@ The service binds only to localhost (127.0.0.1:1127) and is accessed through you
 2. **Notification failures**:
    ```bash
    # Test dschep/ntfy installation and configuration
-   ntfy send "test message"
+   NTFY_CONFIG=/etc/emergency-access/ntfy.yml ntfy send "test message"
    
-   # Check global ntfy configuration
-   cat ~/.ntfy.yml
+   # Check ntfy configuration
+   cat /etc/emergency-access/ntfy.yml
    
    # Test specific backend
-   ntfy -b matrix_sec send "test message"
+   NTFY_CONFIG=/etc/emergency-access/ntfy.yml ntfy -b matrix_sec send "test message"
    ```
 
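Review bot: the `cat /etc/emergency-access/ntfy.yml` step under "Check ntfy configuration" prints every bot password, token and SMTP credential in the file to the terminal and its scrollback, and the file was just made 0640 precisely because it holds those secrets; suggest showing only the backend list, e.g. `sed -n '/^backends:/,/^$/p' /etc/emergency-access/ntfy.yml`, and leaving the `ntfy -b ... send` test below as the way to confirm a backend actually works.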
 3. **File permission errors**:
@@ -395,8 +417,8 @@ Test your setup before deployment:
 sudo -u emergency-access /opt/emergency-access/venv/bin/python /opt/emergency-access/main.py --validate
 
 # Test notifications manually with your backend
-ntfy -b matrix_sec send "Test notification"
-ntfy -b pushover_emergency send "Test emergency notification"
+NTFY_CONFIG=/etc/emergency-access/ntfy.yml ntfy -b matrix_sec send "Test notification"
+NTFY_CONFIG=/etc/emergency-access/ntfy.yml ntfy -b pushover_emergency send "Test emergency notification"
 ```
 
 ## Development
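Review bot: the two `NTFY_CONFIG=... ntfy -b ... send` tests run as whoever types them, while the `--validate` line just above runs as `emergency-access` through `sudo -u`; with ntfy.yml installed 0640 and owned by the service user, a plain user will get a permission error and root will not exercise the service's permissions at all. Run the send tests the same way as the validate step, e.g. `sudo -u emergency-access env NTFY_CONFIG=/etc/emergency-access/ntfy.yml ntfy -b matrix_sec send "Test notification"`, so the test sees the same user and file permissions the service does.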

+ 1 - 0
config-production.json

@@ -14,6 +14,7 @@
   "notifications": {
     "key_backends": ["matrix_sec"],
     "health_backends": ["matrix_ntf"],
+    "config_path": "/etc/emergency-access/ntfy.yml",
     "key_message": "🚨 CRITICAL ALERT: Emergency decryption key accessed in PRODUCTION environment",
     "health_message": "✅ Emergency access system health check - all systems operational",
     "log_level": "WARNING",

+ 1 - 0
config.json

@@ -14,6 +14,7 @@
   "notifications": {
     "key_backends": ["matrix_sec", "pushover_emergency"],
     "health_backends": ["matrix_health"],
+    "config_path": "/etc/emergency-access/ntfy.yml",
     "key_message": "🚨 EMERGENCY: Decryption key accessed from server",
     "health_message": "✅ Emergency access server health check completed",
     "log_level": "WARNING",

+ 5 - 0
config.py

@@ -68,6 +68,11 @@ class Config:
             raise Exception("No notification backends configured for health check")
         return backends
 
+    @property
+    def ntfy_config_path(self) -> str:
+        return self.config.get('notifications', {}).get('config_path', '/etc/emergency-access/ntfy.yml')
+
+
     @property
     def log_level(self) -> str:
         return self.config.get('notifications', {}).get('log_level', 'WARNING')
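Review bot: the two blank lines added after `ntfy_config_path` leave a double gap between properties inside the class where the neighbouring properties use one; drop one of them. Beyond style, `config_path` is taken from JSON with no check that the file exists and is readable by the service user, so a typo only shows up at the first key-access alert; validating it alongside the other notification settings (the same place `--validate` checks `key_backends` and `health_backends`) would catch that at install time.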

+ 1 - 1
emergency-access.service

@@ -10,7 +10,7 @@ Group=emergency-access
 WorkingDirectory=/opt/emergency-access
 Environment=EMERGENCY_CONFIG=/etc/emergency-access/config.json
 Environment=PYTHONPATH=/opt/emergency-access
-
+Environment=NTFY_CONFIG=/etc/emergency-access/ntfy.yml
 ExecStart=/opt/emergency-access/venv/bin/python /opt/emergency-access/main.py
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=always

+ 15 - 3
install.sh

@@ -114,13 +114,24 @@ install_application() {
         print_warning "Configuration file already exists, skipping copy"
     fi
 
+    # Copy ntfy config if it doesn't exist
+    if [[ ! -f "$CONFIG_DIR/ntfy.yml" ]]; then
+        cp ntfy.yml "$CONFIG_DIR/"
+        print_status "Copied example ntfy configuration to $CONFIG_DIR/ntfy.yml"
+        print_warning "Please edit $CONFIG_DIR/ntfy.yml with your notification backends"
+    else
+        print_warning "ntfy configuration file already exists, skipping copy"
+    fi
+
     # Set permissions
     chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"
     chown "$SERVICE_USER:$SERVICE_GROUP" "$CONFIG_DIR/config.json"
+    chown "$SERVICE_USER:$SERVICE_GROUP" "$CONFIG_DIR/ntfy.yml"
 
     chmod 644 "$INSTALL_DIR"/*.py
     chmod 644 "$INSTALL_DIR/requirements.txt"
     chmod 640 "$CONFIG_DIR/config.json"  # Restrictive permissions for config
+    chmod 640 "$CONFIG_DIR/ntfy.yml"     # Restrictive permissions for ntfy config
 }
 
 setup_python_environment() {
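Review bot: `cp ntfy.yml "$CONFIG_DIR/"` creates the file with the caller's umask and it is only tightened to 640 several lines later; `install -m 0640 -o "$SERVICE_USER" -g "$SERVICE_GROUP" ntfy.yml "$CONFIG_DIR/ntfy.yml"` sets owner and mode in the same step and lets the separate `chown`/`chmod` lines for ntfy.yml go. Low risk here because the template only holds placeholders, but it would also fix the same gap in the existing config.json copy.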
@@ -210,9 +221,9 @@ print_final_instructions() {
     print_status "Installation complete!"
     echo
     print_warning "IMPORTANT: Before starting the service:"
-    echo "1. Edit $CONFIG_DIR/config.json with your backend names from global ntfy config"
-    echo "2. Replace $CONFIG_DIR/key-part.txt with your actual key part"
-    echo "3. Ensure your global ntfy configuration (~/.ntfy.yml) has the required backends"
+    echo "1. Edit $CONFIG_DIR/config.json with your backend names"
+    echo "2. Edit $CONFIG_DIR/ntfy.yml with your notification backend configurations"
+    echo "3. Replace $CONFIG_DIR/key-part.txt with your actual key part"
     echo "4. Test the configuration"
     echo
     print_status "Service management commands:"
@@ -224,6 +235,7 @@ print_final_instructions() {
     echo
     print_status "Configuration files:"
     echo "  Service config:   $CONFIG_DIR/config.json"
+    echo "  ntfy config:      $CONFIG_DIR/ntfy.yml"
     echo "  Key file:         $CONFIG_DIR/key-part.txt"
     echo "  Dummy file:       $CONFIG_DIR/dummy.txt"
     echo "  Log file:         $LOG_FILE"

+ 20 - 8
main.py

@@ -58,7 +58,7 @@ config = None
 
 def send_ntfy_notification(backends: List[str], message: str, title: str = None) -> Tuple[bool, List[str]]:
     """
-    Send notification using dschep/ntfy with global config
+    Send notification using dschep/ntfy with dedicated config file
     Returns: (success, successful_backends)
     """
     successful_backends = []
@@ -68,14 +68,26 @@ def send_ntfy_notification(backends: List[str], message: str, title: str = None)
             # Import ntfy here to avoid import issues during startup
             import ntfy
 
-            # Send notification using the backend name from global ntfy config
-            if title:
-                ntfy.notify(message, title=title, backend=backend)
-            else:
-                ntfy.notify(message, backend=backend)
+            # Set the ntfy config file path
+            old_config = os.environ.get('NTFY_CONFIG')
+            os.environ['NTFY_CONFIG'] = config.ntfy_config_path
 
-            successful_backends.append(backend)
-            logger.info(f"Notification sent successfully via {backend}")
+            try:
+                # Send notification using the backend name from our config file
+                if title:
+                    ntfy.notify(message, title=title, backend=backend)
+                else:
+                    ntfy.notify(message, backend=backend)
+
+                successful_backends.append(backend)
+                logger.info(f"Notification sent successfully via {backend}")
+
+            finally:
+                # Restore original config
+                if old_config:
+                    os.environ['NTFY_CONFIG'] = old_config
+                elif 'NTFY_CONFIG' in os.environ:
+                    del os.environ['NTFY_CONFIG']
 
         except ImportError:
             logger.error(f"ntfy package not available for backend {backend}")
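Review bot: `if old_config:` in the `finally` block treats an empty-string `NTFY_CONFIG` as unset and deletes it instead of restoring it; use `if old_config is not None:`. Also, `os.environ` is process-wide, so two concurrent calls to `send_ntfy_notification` (a key-access alert and a health log arriving together) can race on the same variable. Since the unit file in this commit already sets `Environment=NTFY_CONFIG=/etc/emergency-access/ntfy.yml`, the per-call override only matters when `config_path` differs from the unit value; setting the variable once at startup from `config.ntfy_config_path` would avoid both the race and the restore logic.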

+ 83 - 0
ntfy.yml

@@ -0,0 +1,83 @@
+---
+# ntfy configuration for emergency access server
+# This file configures the dschep/ntfy backends for notifications
+
+backends:
+  - matrix_sec
+  - matrix_health
+  - pushover_emergency
+
+# Matrix backend for security alerts
+matrix_sec:
+  backend: matrix
+  url: https://your-matrix-server.com
+  roomId: "!emergency-security:your-matrix-server.com"
+  userId: "@emergency-bot:your-matrix-server.com"
+  password: "your-matrix-bot-password"
+  token: "your-matrix-access-token"  # Alternative to password
+
+# Matrix backend for health monitoring and logs
+matrix_health:
+  backend: matrix
+  url: https://your-matrix-server.com
+  roomId: "!emergency-health:your-matrix-server.com"
+  userId: "@emergency-bot:your-matrix-server.com"
+  password: "your-matrix-bot-password"
+  token: "your-matrix-access-token"  # Alternative to password
+
+# Pushover backend for emergency notifications
+pushover_emergency:
+  backend: pushover
+  user_key: YOUR_PUSHOVER_USER_KEY_HERE
+  api_token: YOUR_PUSHOVER_API_TOKEN_HERE  # optional, uses default if not specified
+  priority: 2  # emergency priority (requires confirmation)
+  retry: 60    # retry every 60 seconds for emergency notifications
+  expire: 3600 # expire after 1 hour
+  sound: siren # emergency sound
+  device: YOUR_DEVICE_ID  # optional, sends to all devices if omitted
+
+# Additional backend examples (uncomment and configure as needed)
+
+# Pushbullet backup
+# pushbullet_backup:
+#   backend: pushbullet
+#   access_token: YOUR_PUSHBULLET_ACCESS_TOKEN_HERE
+#   device_iden: YOUR_DEVICE_ID  # optional, sends to all devices if omitted
+
+# Slack integration
+# slack_critical:
+#   backend: slack
+#   token: YOUR_SLACK_BOT_TOKEN_HERE
+#   recipient: "#emergency-alerts"
+
+# Email notifications
+# email_emergency:
+#   backend: email
+#   smtp_server: smtp.gmail.com
+#   smtp_port: 587
+#   username: your-email@gmail.com
+#   password: your-app-password
+#   to: emergency-team@company.com
+#   from: emergency-access@company.com
+
+# Telegram notifications
+# telegram_emergency:
+#   backend: telegram
+#   # Configuration will be done interactively on first use
+
+# Linux desktop notifications (for testing)
+# linux_desktop:
+#   backend: linux
+#   icon: /usr/share/icons/gnome/48x48/status/dialog-warning.png
+#   urgency: critical
+#   timeout: 0  # never expire
+
+# System log integration
+# syslog_emergency:
+#   backend: systemlog
+#   prio: ALERT
+#   facility: LOCAL0
+#   fmt: "[EMERGENCY-ACCESS] {title}: {message}"
+
+# Custom title for all notifications
+title: "Emergency Access Server"
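Review bot: `matrix_sec` and `matrix_health` ship both `password:` and `token:` as live keys while the trailing comment calls `token` an alternative to `password`; comment one of them out so the template does not present two credentials as required for one account. The header comment should also say that this file holds credentials and is installed 0640 owned by the service user (install.sh does that), so anyone copying it to another host keeps the mode.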