From 2d7a353751649fcbc7e1c076aa82b47b852f6e24 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Thu, 19 Feb 2026 11:01:55 -0800
Subject: [PATCH] Add nix container build for ntfy

Uses nixpkgs ntfy-sh package instead of the multi-stage Dockerfile build.
After merge, release with: mise run container-tag-and-release ntfy v1.1.0
Then update argocd/manifests/ntfy/deployment.yaml image to the -nix tag.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 containers/ntfy/default.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 containers/ntfy/default.nix

diff --git a/containers/ntfy/default.nix b/containers/ntfy/default.nix
new file mode 100644
index 0000000..47a43ab
--- /dev/null
+++ b/containers/ntfy/default.nix
@@ -0,0 +1,27 @@
+# Nix-built ntfy push notification server
+# Replaces the multi-stage Dockerfile (Node + Go + Alpine) with nixpkgs ntfy-sh
+# Built with dockerTools.buildLayeredImage for efficient layer caching
+{ pkgs ? import <nixpkgs> { } }:
+
+pkgs.dockerTools.buildLayeredImage {
+  name = "blumeops/ntfy";
+  tag = "latest";
+
+  contents = [
+    pkgs.ntfy-sh
+    pkgs.cacert
+    pkgs.tzdata
+  ];
+
+  config = {
+    Entrypoint = [ "${pkgs.ntfy-sh}/bin/ntfy" ];
+    Env = [
+      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+    ];
+    ExposedPorts = {
+      "80/tcp" = { };
+    };
+    User = "65534";
+  };
+}