Upgrade ntfy v2.11.0 → v2.17.0 and add ntfy + frigate reference docs

Picks up 6 minor releases with no breaking changes. Notable additions include dead man's switch notifications (v2.16.0), declarative ACL config (v2.14.0), and crash fixes (v2.17.0). Also adds reference cards for ntfy and frigate to the docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:51:41 -08:00 · 2026-02-17 09:50:13 -08:00 · 2026-02-17 09:50:13 -08:00
commit 3818252d24
6 changed files with 150 additions and 4 deletions
--- a/argocd/manifests/ntfy/deployment.yaml
+++ b/argocd/manifests/ntfy/deployment.yaml
@ -16,7 +16,7 @@ spec:
    spec:
      containers:
        - name: ntfy
-          image: binwiederhier/ntfy:v2.11.0
+          image: binwiederhier/ntfy:v2.17.0
          args: ["serve", "--config", "/etc/ntfy/server.yml"]
          ports:
            - containerPort: 80
--- a/docs/changelog.d/review-ntfy-v2.17.0.infra.md
+++ b/docs/changelog.d/review-ntfy-v2.17.0.infra.md
@ -0,0 +1 @@
+Upgrade ntfy from v2.11.0 to v2.17.0 and add ntfy and frigate reference docs.
--- a/docs/reference/reference.md
+++ b/docs/reference/reference.md
@ -1,6 +1,6 @@
 ---
 title: Reference
-modified: 2026-02-12
+modified: 2026-02-17
 tags:
  - reference
 ---
@ -21,6 +21,7 @@ Individual service reference cards with URLs and configuration details.
 | [[caddy]] | Reverse proxy & TLS termination | indri |
 | [[1password]] | Secrets management | cloud + k8s |
 | [[forgejo]] | Git forge & CI/CD | indri |
+| [[frigate]] | Network video recorder | k8s |
 | [[grafana]] | Dashboards & visualization | k8s |
 | [[immich]] | Photo management | k8s |
 | [[jellyfin]] | Media server | indri |
@ -28,6 +29,7 @@ Individual service reference cards with URLs and configuration details.
 | [[loki]] | Log aggregation | k8s |
 | [[miniflux]] | RSS feed reader | k8s |
 | [[navidrome]] | Music streaming | k8s |
+| [[ntfy]] | Push notifications | k8s |
 | [[postgresql]] | Database cluster | k8s |
 | [[prometheus]] | Metrics collection | k8s |
 | [[teslamate]] | Tesla data logger | k8s |
--- a/docs/reference/services/frigate.md
+++ b/docs/reference/services/frigate.md
@ -0,0 +1,80 @@
+---
+title: Frigate
+modified: 2026-02-17
+tags:
+  - service
+  - surveillance
+---
+
+# Frigate
+
+Open-source network video recorder (NVR) with object detection. Runs cloud-free with all video stored locally on [[sifaka]].
+
+## Quick Reference
+
+| Property | Value |
+|----------|-------|
+| **URL** | https://nvr.ops.eblu.me |
+| **Tailscale URL** | https://nvr.tail8d86e.ts.net |
+| **Namespace** | `frigate` |
+| **Image** | `ghcr.io/blakeblackshear/frigate:0.16.4-standard-arm64` |
+| **Upstream** | https://github.com/blakeblackshear/frigate |
+| **Manifests** | `argocd/manifests/frigate/` |
+
+## Architecture
+
+```
+ReoLink Camera (GableCam)
+    │ RTSP
+    ▼
+Frigate pod
+    ├── go2rtc        — RTSP restream proxy
+    ├── FFmpeg         — stream decoding
+    ├── ONNX detector  — object detection (YOLO-NAS-s, CPU)
+    ├── /media/frigate — NFS recordings (sifaka)
+    └── /db            — SQLite (local PVC)
+        │
+        └──→ MQTT (Mosquitto) → frigate-notify → ntfy → mobile
+```
+
+## Cameras
+
+| Camera | IP | Location | Objects Tracked |
+|--------|----|----------|-----------------|
+| GableCam | `192.168.1.159` | Front gable | person, car, dog, cat, bird |
+
+Camera credentials are stored in 1Password and synced via [[external-secrets]] to the `frigate-camera` Secret.
+
+## Detection
+
+Object detection uses ONNX with a YOLO-NAS-s model running on CPU (ARM64). The model file lives on the NFS recordings volume at `/media/frigate/models/yolo_nas_s.onnx`.
+
+A `driveway_entrance` zone is configured for alert filtering — only detections in this zone trigger review alerts.
+
+## Retention
+
+| Type | Duration | Mode |
+|------|----------|------|
+| Continuous recording | 3 days | all |
+| Alert clips | 30 days | active objects |
+| Detection clips | 14 days | motion |
+| Snapshots | 14 days | — |
+
+## Storage
+
+| Mount | Backend | Size |
+|-------|---------|------|
+| `/media/frigate` | NFS PV on [[sifaka]] (`/volume1/frigate`) | 2 Ti |
+| `/db` | Local PVC (`frigate-database`) | SQLite |
+| `/dev/shm` | Memory-backed `emptyDir` | 256 Mi |
+
+## Alerting (frigate-notify)
+
+A separate **frigate-notify** pod (`ghcr.io/0x2142/frigate-notify:v0.3.5`) subscribes to Frigate's MQTT events via Mosquitto and pushes alerts to [[ntfy]] on the `frigate-alerts` topic. Alert messages include action buttons linking back to the Frigate review UI.
+
+## Related
+
+- [[ntfy]] - Push notification delivery
+- [[sifaka]] - NAS storage for recordings
+- [[observability]] - Prometheus metrics at `/api/metrics`
+- [[operationalize-reolink-camera]] - Original deployment plan
--- a/docs/reference/services/ntfy.md
+++ b/docs/reference/services/ntfy.md
@ -0,0 +1,63 @@
+---
+title: Ntfy
+modified: 2026-02-17
+tags:
+  - service
+  - notifications
+---
+
+# Ntfy
+
+Self-hosted push notification service. Ntfy receives HTTP POST messages and delivers them to subscribed clients (mobile apps, web UI, CLI).
+
+## Quick Reference
+
+| Property | Value |
+|----------|-------|
+| **URL** | https://ntfy.ops.eblu.me |
+| **Tailscale URL** | https://ntfy.tail8d86e.ts.net |
+| **Namespace** | `ntfy` |
+| **Image** | `binwiederhier/ntfy:v2.17.0` |
+| **Upstream** | https://github.com/binwiederhier/ntfy |
+| **Manifests** | `argocd/manifests/ntfy/` |
+
+## Architecture
+
+Ntfy runs as a single pod with no persistent storage — message cache and attachments use an `emptyDir` volume. This is intentional: ntfy is treated as an ephemeral delivery channel, not a message store. Messages lost on pod restart are acceptable.
+
+The upstream relay (`ntfy.sh`) is configured so mobile app clients can receive push notifications via Google FCM / Apple APNs without self-hosting those integrations.
+
+## Producers
+
+Currently the only producer is **frigate-notify**, which publishes camera detection alerts (person, vehicle, animal) from [[frigate|Frigate]] via MQTT to ntfy:
+
+```
+Frigate → MQTT (Mosquitto) → frigate-notify → ntfy → mobile clients
+```
+
+The frigate-notify config points to ntfy's cluster-internal address:
+
+```
+http://ntfy.ntfy.svc.cluster.local:80
+```
+
+Other services could publish to ntfy in the future — any HTTP client can POST to a topic.
+
+## Configuration
+
+Server config is in a ConfigMap (`ntfy-config`):
+
+| Setting | Value |
+|---------|-------|
+| `base-url` | `https://ntfy.ops.eblu.me` |
+| `upstream-base-url` | `https://ntfy.sh` |
+| `attachment-total-size-limit` | 1 GB |
+| `attachment-file-size-limit` | 10 MB |
+| `attachment-expiry-duration` | 24h |
+
+No authentication is configured — access is restricted by Tailscale ACLs (only tailnet clients can reach the service).
+
+## Related
+
+- [[routing]] - How ntfy is exposed via Caddy
+- [[observability]] - Monitoring and alerting infrastructure
--- a/service-versions.yaml
+++ b/service-versions.yaml
@ -40,8 +40,8 @@ services:

  - name: ntfy
    type: argocd
-    last-reviewed: null
-    current-version: null
+    last-reviewed: 2026-02-17
+    current-version: "v2.17.0"
    upstream-source: https://github.com/binwiederhier/ntfy/releases

  - name: homepage
				`@ -0,0 +1 @@`
				`Upgrade ntfy from v2.11.0 to v2.17.0 and add ntfy and frigate reference docs.`