What authentication options does ntfy support?

ntfy supports Bearer token authentication (preferred for automation) and Basic auth for simple setups.

How do I secure ntfy in a homelab?

Run ntfy behind a TLS-enabled proxy, set base-url, use auth-default-access deny-all, and manage users, tokens, and ACLs to limit publish/subscribe rights.

How can I make notifications actionable or target dashboards?

Use Click headers to link to dashboards and use Actions to provide remediation steps; attach file outputs when needed.

ntfy-notifications

Use Caution

npx machina-cli add skill ddnetters/homelab-agent-skills/ntfy-notifications --openclaw

Files (1)

SKILL.md

6.9 KB

ntfy Notifications

ntfy (pronounce "notify") is a self-hosted push notification service. Send notifications from scripts, cron jobs, and monitoring systems to your phone.

Publishing messages

Simple message

curl -d "Backup completed successfully" https://ntfy.example.com/my-topic

With title, priority, and tags

curl -H "Title: Backup Status" \
     -H "Priority: high" \
     -H "Tags: white_check_mark,backup" \
     -d "Daily backup completed in 5 minutes" \
     https://ntfy.example.com/backups

With authentication

# Token auth (preferred)
curl -H "Authorization: Bearer YOUR_TOKEN" \
     -d "Message here" \
     https://ntfy.example.com/topic

# Basic auth
curl -u username:password \
     -d "Message here" \
     https://ntfy.example.com/topic

With click action and URL

curl -H "Click: https://grafana.example.com/d/alerts" \
     -H "Title: Disk Alert" \
     -H "Priority: urgent" \
     -H "Tags: warning" \
     -d "Disk usage above 90% on /dev/sda1" \
     https://ntfy.example.com/alerts

With actions (buttons)

curl -H "Actions: view, Open Grafana, https://grafana.example.com; http, Restart Service, https://api.example.com/restart, method=POST" \
     -d "Service is down" \
     https://ntfy.example.com/alerts

File attachment

curl -T /var/log/backup.log \
     -H "Filename: backup.log" \
     -H "Title: Backup Log" \
     https://ntfy.example.com/backups

Priority levels

Priority	Keyword	Value	Use for
Max	`max` / `urgent`	5	Service down, security alerts
High	`high`	4	Backup failures, disk warnings
Default	`default`	3	Routine notifications
Low	`low`	2	Info, non-urgent updates
Min	`min`	1	Debug, verbose logging

Tags (emoji shortcodes)

Common tags for homelab notifications:

Tag	Emoji	Use for
`white_check_mark`	✅	Success
`x`	❌	Failure
`warning`	⚠️	Warning
`rotating_light`	🚨	Critical alert
`floppy_disk`	💾	Backup
`whale`	🐳	Docker
`movie_camera`	🎥	Media/Plex
`gear`	⚙️	System/config
`chart_with_upwards_trend`	📈	Monitoring

Full list: https://docs.ntfy.sh/emojis/

Docker deployment

docker-compose.yml

services:
  ntfy:
    image: binwiederhier/ntfy
    command: serve
    ports:
      - "8090:80"
    volumes:
      - ntfy_data:/var/lib/ntfy
      - ./server.yml:/etc/ntfy/server.yml
    environment:
      TZ: Europe/Amsterdam
    restart: unless-stopped

volumes:
  ntfy_data:

server.yml

base-url: https://ntfy.example.com
auth-default-access: deny-all
behind-proxy: true

User and access management

# List users
docker exec ntfy ntfy user list

# Add admin user
docker exec ntfy ntfy user add --role admin USERNAME

# Add regular user
docker exec ntfy ntfy user add USERNAME

# Delete user
docker exec ntfy ntfy user del USERNAME

# Change password
docker exec ntfy ntfy user change-pass USERNAME

Access control (ACLs)

# View all ACLs
docker exec ntfy ntfy access

# Grant read-write to a topic
docker exec ntfy ntfy access USERNAME my-topic rw

# Grant read-only (subscribe only)
docker exec ntfy ntfy access USERNAME alerts ro

# Grant write-only (publish only)
docker exec ntfy ntfy access USERNAME backups wo

# Allow anonymous read access to a topic
docker exec ntfy ntfy access '*' public-topic ro

Token management

# Generate an access token for a user
docker exec ntfy ntfy token add USERNAME

# List tokens
docker exec ntfy ntfy token list

# Remove a token
docker exec ntfy ntfy token remove USERNAME TOKEN

Homelab integration patterns

Backup script notification

#!/bin/bash
NTFY_URL="https://ntfy.example.com/backups"
NTFY_TOKEN="YOUR_TOKEN"

if restic backup /data --json 2>&1 | tail -1 | jq -e '.message_type == "summary"' > /dev/null; then
    curl -s -H "Authorization: Bearer $NTFY_TOKEN" \
         -H "Tags: white_check_mark" \
         -d "Backup completed: $(date +%F)" "$NTFY_URL"
else
    curl -s -H "Authorization: Bearer $NTFY_TOKEN" \
         -H "Priority: high" -H "Tags: x" \
         -d "Backup FAILED: $(date +%F)" "$NTFY_URL"
fi

Watchtower container updates

# In docker-compose.yml
services:
  watchtower:
    image: containrrr/watchtower
    environment:
      WATCHTOWER_NOTIFICATION_URL: "generic://ntfy.example.com/watchtower?auth=Bearer+YOUR_TOKEN"

Cron job wrapper

# Wrap any command with ntfy notification on failure
run_with_ntfy() {
    local topic="$1"; shift
    if ! "$@" 2>&1; then
        curl -s -H "Authorization: Bearer $NTFY_TOKEN" \
             -H "Priority: high" -H "Tags: x" \
             -d "Command failed: $*" "https://ntfy.example.com/$topic"
    fi
}

run_with_ntfy server-alerts certbot renew

Disk space monitor

USAGE=$(df -h / | awk 'NR==2{print $5}' | tr -d '%')
if [ "$USAGE" -gt 90 ]; then
    curl -s -H "Authorization: Bearer $NTFY_TOKEN" \
         -H "Priority: high" -H "Tags: warning" \
         -H "Title: Disk Alert" \
         -d "Root partition at ${USAGE}%" \
         "https://ntfy.example.com/alerts"
fi

Docker health check alerts

UNHEALTHY=$(docker ps --filter "health=unhealthy" --format '{{.Names}}' | tr '\n' ', ')
if [ -n "$UNHEALTHY" ]; then
    curl -s -H "Authorization: Bearer $NTFY_TOKEN" \
         -H "Priority: high" -H "Tags: whale,warning" \
         -H "Title: Unhealthy Containers" \
         -d "$UNHEALTHY" \
         "https://ntfy.example.com/docker"
fi

Phone setup

Install the ntfy app (Android: Play Store / F-Droid, iOS: App Store)
Add your server: Settings → Add server → https://ntfy.example.com
Subscribe to topics
Optional: add credentials if auth is required to subscribe

Subscribing (receiving)

# Subscribe in terminal (streaming)
curl -s https://ntfy.example.com/my-topic/sse

# Subscribe with auth
curl -s -H "Authorization: Bearer YOUR_TOKEN" \
     https://ntfy.example.com/my-topic/sse

# JSON stream
curl -s https://ntfy.example.com/my-topic/json

# Poll (last 24h)
curl -s "https://ntfy.example.com/my-topic/json?since=24h"

Troubleshooting

Problem	Fix
401 Unauthorized	Check token/password, verify ACLs with `ntfy access`
403 Forbidden	User lacks permission for topic. Add ACL: `ntfy access USER TOPIC rw`
No phone notification	Check app subscription, server URL, topic matches exactly
Behind reverse proxy	Set `behind-proxy: true` in server.yml, ensure proxy passes headers
Messages not persisting	Check volume mount for `/var/lib/ntfy`, ensure cache is enabled in config

Source

git clone https://github.com/ddnetters/homelab-agent-skills/blob/main/ntfy-notifications/SKILL.mdView on GitHub

Overview

ntfy is a self-hosted push notification service that lets you publish messages from scripts, cron jobs, and monitoring systems to mobile devices. This skill covers publishing with titles, priorities, tags, and actions; authentication options, and common homelab integration patterns using Docker and ACLs.

How This Skill Works

Messages are published by HTTP requests to a topic on your ntfy server. You can secure automation with Bearer token or basic auth, and customize notifications with headers like Title, Priority, Tags, Click, and Actions. The standard deployment uses Docker or server.yml with a base-url and access controls, enabling reproducible homelab workflows.

When to Use It

Notify on backup completion to a topic like backups
Send high priority alerts for disk or service failures
Report cron or monitoring job outcomes in real time
Provide quick drill-down via Click URLs to dashboards
Test and automate alerts in a Docker-based homelab

Quick Start

Step 1: Deploy ntfy with Docker Compose and configure server.yml with a base-url and proxy settings
Step 2: Publish a message with curl to a topic, e.g. curl -d Backup done https://ntfy.example.com/backups
Step 3: Create users and tokens, and configure ACLs to limit publish/subscribe

Best Practices

Use token-based authentication for automated publishing and store tokens securely
Choose Priority values carefully to avoid alert fatigue
Tag messages to filter and group notifications (e.g., white_check_mark, backup, warning)
Leverage Click and Actions headers to link to dashboards or remediation steps
Secure the ntfy server with TLS, behind a proxy, and strict ACLs (deny-all by default)

Example Use Cases

Publish a simple message when a backup completes: Backup completed successfully to a topic like backups
Publish with a title, priority, and tags to signal a backup status change: Title Backup Status, Priority high, Tags white_check_mark, backup
Authenticate with a bearer token to publish an alert to ntfy server: Use Authorization Bearer YOUR_TOKEN when posting to ntfy.example.com/topic
Add a click action to direct responders to Grafana when a Disk Alert occurs: Click https://grafana.example.com/d/alerts on the alert topic
Attach a log file for debugging using a file attachment: curl -T /var/log/backup.log -H Filename: backup.log -H Title: Backup Log https://ntfy.example.com/backups

Frequently Asked Questions

Add this skill to your agents