diff --git a/system/servenix/default.nix b/system/servenix/default.nix
index f1728ba6..8c8f1dc6 100644
--- a/system/servenix/default.nix
+++ b/system/servenix/default.nix
@@ -32,6 +32,7 @@
     ../services/kiwix.nix
     ../services/kopia.nix
     ../services/nextcloud.nix
+    ../services/ntfy.nix
     ../services/nginx-proxy-manager.nix
     ../services/paperless.nix
     # ../services/plex.nix # Their monetization strategy is absolutely atrocious
@@ -110,6 +111,8 @@
       "kopia-server-password"
       "kopia-user-password"
       "paperless-nextcloud-sync-password"
+      "ntfy-auth-users"
+      "ntfy-auth-tokens"
     ];
   };
 
diff --git a/system/services/ntfy.nix b/system/services/ntfy.nix
new file mode 100644
index 00000000..15e9edaf
--- /dev/null
+++ b/system/services/ntfy.nix
@@ -0,0 +1,79 @@
+{
+  mylib,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  ntfyVersion = "v2.21";
+in {
+  # If we need to pass secrets to containers we can't use plain env variables.
+  sops.templates."ntfy_secrets.env".content = ''
+    NTFY_AUTH_USERS=${config.sops.placeholder.ntfy-auth-users}
+    NTFY_AUTH_TOKENS=${config.sops.placeholder.ntfy-auth-tokens}
+  '';
+
+  virtualisation.oci-containers.containers = {
+    #     NTFY_AUTH_USERS='admin:$2b$10$13iMkFcSNXcb/DKlUSS03OM25saLd8/hDlKkowFtXYctu2fQBoLJK:admin,christoph:$2b$10$8jgrgBltBXj/Qw0BxBWf1eIfH53VV6wTdlJZEqWBIH3htwEP9PKgq:user'
+    #     NTFY_AUTH_TOKENS="christoph:tk_rx8fd6hojuz4ekcb72j7juugkbmga:FAIL*-Notif"
+
+    #     NTFY_BASE_URL="https://ntfy.vps.chriphost.de"
+    #     NTFY_BEHIND_PROXY="true"
+    #     NTFY_AUTH_FILE="/var/lib/ntfy/auth.db"
+    #     NTFY_AUTH_DEFAULT_ACCESS="deny-all"
+    #     NTFY_ENABLE_LOGIN="true"
+    #     NTFY_REQUIRE_LOGIN="true"
+    #     NTFY_ATTACHMENT_CACHE_DIR="/var/cache/ntfy/attachments"
+    #     NTFY_CACHE_FILE="/var/cache/ntfy/cache.db"
+    #     NTFY_UPSTREAM_BASE_URL="https://ntfy.sh"
+    #     NTFY_AUTH_ACCESS="christoph:*:read-write"
+    ntfy = {
+      image = "binwiederhier/ntfy:${ntfyVersion}";
+      autoStart = true;
+
+      login = mylib.containers.mkDockerLogin config;
+
+      dependsOn = [];
+
+      ports = [
+        # "80:80"
+      ];
+
+      volumes = [
+        "ntfy_cache:/var/cache/ntfy"
+        "ntfy_attachments:/var/cache/ntfy/attachments"
+        "ntfy_lib:/var/lib/ntfy"
+        "ntfy_etc:/etc/ntfy"
+      ];
+
+      cmd = ["serve"];
+
+      environment = {
+        PUID = "1000";
+        PGID = "1000";
+        TZ = "Europe/Berlin";
+
+        NTFY_BASE_URL = "https://ntfy.vps.chriphost.de";
+        NTFY_BEHIND_PROXY = "true";
+        NTFY_AUTH_FILE = "/var/lib/ntfy/auth.db";
+        NTFY_AUTH_DEFAULT_ACCESS = "deny-all";
+        NTFY_ENABLE_LOGIN = "true";
+        NTFY_REQUIRE_LOGIN = "true";
+        NTFY_ATTACHMENT_CACHE_DIR = "/var/cache/ntfy/attachments";
+        NTFY_CACHE_FILE = "/var/cache/ntfy/cache.db";
+        NTFY_UPSTREAM_BASE_URL = "https://ntfy.sh";
+        NTFY_AUTH_ACCESS = "christoph:*:read-write";
+      };
+
+      environmentFiles = [
+        config.sops.templates."ntfy_secrets.env".path
+      ];
+
+      extraOptions = [
+        # "--privileged"
+        # "--device=nvidia.com/gpu=all"
+        "--net=behind-nginx"
+      ];
+    };
+  };
+}