feat: add Gotify notification server with iGotify iOS support

Add comprehensive push notification infrastructure with:
- Gotify server for push notifications with admin password configuration
- iGotify Assistant service for iOS notification relay via Apple Push Notifications
- Dual subdomain setup (gotify.* and gotify-assistant.*)
- Proper service dependencies and container communication via hairpinning
- Caddy reverse proxy configuration for both services
- DNS A records for both subdomains
- Added to monitoring services category
- Tested with successful notification delivery

Services accessible at:
- https://gotify.thesatelliteoflove.com (main server)
- https://gotify-assistant.thesatelliteoflove.com (iOS assistant)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

CLAUDE.md

@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Overview
 
-This is a personal infrastructure Ansible playbook that automates deployment and management of 25 self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS.
+This is a personal infrastructure Ansible playbook that automates deployment and management of 24 self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS.
 
 **Important**: Always review `DEPLOYMENT_LEARNINGS.md` when working on this repository for lessons learned and troubleshooting guidance.
 
@@ -51,7 +51,7 @@ ansible-playbook site.yml -i hosts.yml --tags common,cron --vault-password-file
 ### Role Structure
 - **bootstrap**: Initial server hardening, user creation, Tailscale VPN setup
 - **common**: Basic system configuration, UFW firewall management
-- **docker**: Comprehensive service deployment (25 containerized applications, organized by category)
+- **docker**: Comprehensive service deployment (24 containerized applications, organized by category)
 - **cron**: Scheduled task management (currently Warhammer RSS feed generation)
 
 ### Docker Role Organization (Reorganized into Logical Categories)
@@ -60,7 +60,7 @@ The docker role is now organized into logical service groups under `roles/docker
 - **infrastructure/**: Core platform components
   - Caddy (reverse proxy), Authentik (SSO), Dockge (container management)
 - **development/**: Development and collaboration tools  
-  - Gitea, Code Server, Matrix (Conduit)
+  - Gitea, Code Server
 - **media/**: Content creation and consumption
   - Audiobookshelf, Calibre, Ghost blog, Pinchflat, Pinry, Karakeep (formerly Hoarder), Manyfold
 - **productivity/**: Personal organization and document management

README.md

@@ -10,7 +10,7 @@ The playbook manages two main environments:
 
 ## Services Deployed
 
-The Docker role deploys and manages 25 self-hosted services organized into logical categories:
+The Docker role deploys and manages 24 self-hosted services organized into logical categories:
 
 ### Infrastructure
 - **Caddy** (Reverse proxy with automatic HTTPS)
@@ -20,7 +20,6 @@ The Docker role deploys and manages 25 self-hosted services organized into logic
 ### Development
 - **Gitea** (Git repository hosting)
 - **Code Server** (VS Code in browser)
-- **Matrix Conduit** (Communication/chat)
 
 ### Media
 - **Audiobookshelf** (Audiobook server)

dns.yml

@@ -35,8 +35,6 @@
             ip: "152.53.36.98"
           - name: watcher
             ip: "152.53.36.98"
-          - name: chat
-            ip: "152.53.36.98"
           - name: models
             ip: "152.53.36.98"
           - name: tasks
@@ -47,6 +45,10 @@
             ip: "152.53.36.98"
           - name: bookmarks
             ip: "152.53.36.98"
+          - name: gotify
+            ip: "152.53.36.98"
+          - name: gotify-assistant
+            ip: "152.53.36.98"
       - name: nerder.land
         dns_records:
           - name: "forms"

group_vars/all/domains.yml

@@ -29,7 +29,8 @@ subdomains:
   appriseapi: "appriseapi.{{ primary_domain }}"
   dockge: "dockge.{{ primary_domain }}"
   code: "code.{{ primary_domain }}"  # Code Server
-  chat: "chat.{{ primary_domain }}"  # Conduit Matrix
+  gotify: "gotify.{{ primary_domain }}"  # Gotify notifications
+  gotify_assistant: "gotify-assistant.{{ primary_domain }}"  # iGotify iOS assistant
 
 # Email domains for notifications
 email_domains:

group_vars/docker/services.yml

@@ -3,11 +3,11 @@
 # Service categories for organization
 service_categories:
   infrastructure: ["caddy", "authentik", "dockge"]
-  development: ["gitea", "codeserver", "conduit"]
+  development: ["gitea", "codeserver"]
   media: ["audiobookshelf", "calibre", "ghost", "pinchflat", "pinry", "hoarder", "manyfold"]
   productivity: ["paperlessngx", "baikal", "syncthing", "mmdl", "heyform", "dawarich", "pingvin"]
   communication: ["gotosocial", "postiz"]
-  monitoring: ["glance", "changedetection", "appriseapi"]
+  monitoring: ["glance", "changedetection", "appriseapi", "gotify"]
 
 # Common service configuration
 services:

roles/docker/README.md

@@ -1,7 +1,7 @@
 # Docker Role
 
 ## Purpose
-Deploys and manages a comprehensive self-hosted infrastructure with 22+ containerized services organized into logical categories, transforming a server into a personal cloud platform with authentication, media management, productivity tools, and development services.
+Deploys and manages a comprehensive self-hosted infrastructure with 24 containerized services organized into logical categories, transforming a server into a personal cloud platform with authentication, media management, productivity tools, and development services.
 
 ## Architecture Overview
 
@@ -28,7 +28,6 @@ Deploys and manages a comprehensive self-hosted infrastructure with 22+ containe
 ### Development (`development/`)
 - **Gitea** - Self-hosted Git with CI/CD runners
 - **Code Server** - VS Code in the browser
-- **Conduit** - Matrix homeserver for communication
 
 ### Media (`media/`)
 - **Audiobookshelf** - Audiobook and podcast server
@@ -92,8 +91,7 @@ roles/docker/
 │   ├── development/
 │   │   ├── main.yml               # Development category orchestrator
 │   │   ├── gitea.yml              # Git hosting
-│   │   ├── codeserver.yml         # VS Code server
-│   │   └── conduit.yml            # Matrix server
+│   │   └── codeserver.yml         # VS Code server
 │   ├── media/                     # Media services (7 services)
 │   ├── productivity/              # Productivity services (7 services)
 │   ├── communication/             # Communication services (2 services)

roles/docker/files/Caddyfile

@@ -64,13 +64,6 @@ thesatelliteoflove.com {
     file_server
 }
 
-chat.thesatelliteoflove.com, chat.thesatelliteoflove.com:8448 {
-    handle /.well-known/* {
-        root * /srv/matrix
-        file_server
-    }
-    reverse_proxy /_matrix/* conduit-homeserver-1:6167
-}
 
 
 bookmarks.thesatelliteoflove.com {
@@ -90,6 +83,14 @@ home.thesatelliteoflove.com {
     reverse_proxy authentik-server-1:9000
 }
 
+gotify.thesatelliteoflove.com {
+    reverse_proxy gotify-gotify-1:80
+}
+
+gotify-assistant.thesatelliteoflove.com {
+    reverse_proxy gotify-igotify-assistant-1:8080
+}
+
 
 repair.nerder.land {
     root * /srv/repair

roles/docker/files/client

@@ -1,5 +0,0 @@
-{
-    "m.homeserver": {
-        "base_url": "https://chat.thesatelliteoflove.com"
-    }
-}

roles/docker/files/server

@@ -1,3 +0,0 @@
-{
-    "m.server": "chat.thesatelliteoflove.com:443"
-}

roles/docker/tasks/development/conduit.yml

@@ -1,29 +0,0 @@
-- name: make conduit directories
-  ansible.builtin.file:
-    path: "{{ item}}"
-    state: directory
-  loop:
-    - /opt/stacks/conduit
-
-- name: copy well-known files
-  ansible.builtin.copy:
-    src: "{{item}}"
-    dest: /opt/stacks/caddy/site/matrix/
-    owner: root
-    mode: 644
-  loop:
-    - client
-    - server
-
-- name: Template out the compose file
-  ansible.builtin.template:
-    src: conduit-compose.yml.j2
-    dest: /opt/stacks/conduit/compose.yml
-    owner: root
-    mode: 644
-
-- name: deploy conduit stack
-  community.docker.docker_compose_v2:
-    project_src: /opt/stacks/conduit
-    files:
-    - compose.yml

roles/docker/tasks/development/main.yml

@@ -9,6 +9,3 @@
   import_tasks: codeserver.yml
   tags: codeserver
 
-- name: Install conduit
-  import_tasks: conduit.yml
-  tags: conduit

roles/docker/tasks/monitoring/gotify.yml

@@ -0,0 +1,19 @@
+- name: Create gotify directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/gotify
+
+- name: Template out the gotify compose file
+  ansible.builtin.template:
+    src: gotify-compose.yml.j2
+    dest: /opt/stacks/gotify/compose.yml
+    owner: root
+    mode: 644
+
+- name: Deploy gotify stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/gotify
+    files:
+      - compose.yml

roles/docker/tasks/monitoring/main.yml

@@ -11,4 +11,8 @@
 
 - name: Install appriseapi
   import_tasks: appriseapi.yml 
-  tags: appriseapi
+  tags: appriseapi
+
+- name: Install gotify
+  import_tasks: gotify.yml
+  tags: gotify

roles/docker/templates/conduit-compose.yml.j2

@@ -1,46 +0,0 @@
-services:
-    homeserver:
-        image: matrixconduit/matrix-conduit:next
-        restart: unless-stopped
-        volumes:
-            - db:/var/lib/matrix-conduit/
-        labels:
-          glance.name: Conduit
-          glance.icon: si:matrix
-          glance.url: https://{{ subdomains.chat }}/
-          glance.description: Matrix server
-        environment:
-            CONDUIT_SERVER_NAME: {{ subdomains.chat }} # EDIT THIS
-            CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/
-            CONDUIT_DATABASE_BACKEND: rocksdb
-            CONDUIT_PORT: 6167
-            CONDUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-            CONDUIT_ALLOW_REGISTRATION: 'true'
-            CONDUIT_ALLOW_FEDERATION: 'true'
-            CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUIT_MAX_CONCURRENT_REQUESTS: 100
-            CONDUIT_ADDRESS: 0.0.0.0
-            CONDUIT_CONFIG: '' # Ignore this
-    #
-    ### Uncomment if you want to use your own Element-Web App.
-    ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and Conduit
-    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
-    # element-web:
-    #     image: vectorim/element-web:latest
-    #     restart: unless-stopped
-    #     ports:
-    #         - 8009:80
-    #     volumes:
-    #         - ./element_config.json:/app/config.json
-    #     depends_on:
-    #         - homeserver
-
-volumes:
-    db:
-
-networks:
-  default:
-    external: true
-    name: {{ docker.network_name }}

roles/docker/templates/gotify-compose.yml.j2

@@ -0,0 +1,44 @@
+services:
+  gotify:
+    image: gotify/server:latest
+    restart: unless-stopped
+    volumes:
+      - gotify_data:/app/data
+    environment:
+      - GOTIFY_DEFAULTUSER_PASS={{ vault_gotify.admin_password }}
+      - TZ=America/Denver
+    labels:
+      glance.name: Gotify
+      glance.icon: si:gotify
+      glance.url: "https://{{ subdomains.gotify }}/"
+      glance.description: Push notification server
+    extra_hosts:
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+      - "{{ subdomains.gotify_assistant }}:{{ docker.hairpin_ip }}"
+
+  igotify-assistant:
+    image: ghcr.io/androidseb25/igotify-notification-assist:latest
+    restart: unless-stopped
+    volumes:
+      - igotify_data:/app/data
+    environment:
+      - TZ=America/Denver
+    depends_on:
+      - gotify
+    labels:
+      glance.name: iGotify Assistant
+      glance.icon: si:apple
+      glance.url: "https://{{ subdomains.gotify_assistant }}/"
+      glance.description: iOS notification assistant
+    extra_hosts:
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+      - "{{ subdomains.gotify }}:{{ docker.hairpin_ip }}"
+
+volumes:
+  gotify_data:
+  igotify_data:
+
+networks:
+  default:
+    external: true
+    name: "{{ docker.network_name }}"

todo.md

@@ -9,7 +9,7 @@
   roles/docker/tasks/
   ├── main.yml (orchestrator)
   ├── infrastructure/ (caddy, authentik, dockge)
-  ├── development/ (gitea, codeserver, conduit)
+  ├── development/ (gitea, codeserver)
   ├── media/ (audiobookshelf, calibre, ghost, pinchflat, pinry, hoarder, manyfold)
   ├── productivity/ (paperless, baikal, syncthing, mmdl, heyform, dawarich, pingvin)
   ├── communication/ (gotosocial, postiz)