From dd711bed5b5b086ad9f37b8c48160e489bb658fd Mon Sep 17 00:00:00 2001
From: proffapt <proffapt@pm.me>
Date: Sat, 15 Jun 2024 13:19:53 +0530
Subject: [PATCH] feat: enable role based access control

---
 docker-compose.yml | 4 +++-
 server.yml         | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e198db7..4227fc3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,7 @@ services:
     volumes:
       - nginx-config-volume:/etc/nginx/sites-enabled
       - naarad-cache:/var/cache/ntfy
+      - naarad-auth:/var/lib/ntfy
     healthcheck:
         test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:8000/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
         interval: 60s
@@ -29,4 +30,5 @@ volumes:
   nginx-config-volume:
     external: true
     name: metaploy-nginx-config-volume
-  naarad-cache:
\ No newline at end of file
+  naarad-cache:
+  naarad-auth:
\ No newline at end of file
diff --git a/server.yml b/server.yml
index 6953743..3e25696 100644
--- a/server.yml
+++ b/server.yml
@@ -91,8 +91,8 @@ cache-duration: "24h"
 #   If you are running ntfy with systemd, make sure this user database file is owned by the
 #   ntfy user and group by running: chown ntfy.ntfy <filename>.
 #
-# auth-file: <filename>
-# auth-default-access: "read-write"
+auth-file: /var/lib/ntfy/user.db
+auth-default-access: "deny-all"
 # auth-startup-queries:
 
 # If set, the X-Forwarded-For header is used to determine the visitor IP address