diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
index 2cb9b2a..a92f61c 100644
--- a/inventories/chaosknoten/host_vars/ntfy.sops.yaml
+++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
@@ -1,13 +1,14 @@
 secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
 secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
+secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str]
 ntfy:
   user:
     admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
     uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
     uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
 sops:
-  lastmodified: "2025-06-02T16:34:49Z"
-  mac: ENC[AES256_GCM,data:C74LONrD83loeeJpdtwd4qW9tB+hJM5B3/gJ+uNNYh0exBjmXd9bxE17gL0nLxLW8U8iHk5vUDYj55EYtrfL5YABogYKuhBSvibxrjo5ejr0UsO3ecGD6Bd9JIjoW1lv7hIAnEUqy1J25PxklO06gTGjUB61IxDQh2Ner1Cunps=,iv:0ZOZeF7pg4Pi6pD305BlJl7V46BOc5l7Eg0oHYlYK8s=,tag:GtAfyAwqWrZs1IYKhbzN0A==,type:str]
+  lastmodified: "2025-06-12T17:19:27Z"
+  mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str]
   pgp:
     - created_at: "2025-06-01T21:41:02Z"
       enc: |-
diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml
index 23c208b..9dc1b2b 100644
--- a/inventories/chaosknoten/host_vars/ntfy.yaml
+++ b/inventories/chaosknoten/host_vars/ntfy.yaml
@@ -1,7 +1,7 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
 docker_compose__configuration_files:
   - name: server.yml
-    content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml') }}"
+    content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
 
 certbot__version_spec: ""
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
index 8d29b43..50cb947 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
@@ -75,7 +75,7 @@ receivers:
   - name: "email-fux-critical"
     email_configs:
       - send_resolved: true
-        to: "fux@zimdahl.org,stb@lassitu.de"
+        to: "stb@lassitu.de"
         from: "alert-manager@hamburg.ccc.de"
         smarthost: "cow.hamburg.ccc.de:587"
         auth_username: "alert-manager@hamburg.ccc.de"
diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
index 4c39fbc..e2bf4a7 100644
--- a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
@@ -14,11 +14,14 @@ server {
 
     deny all;
 
+    server_name loki.hamburg.ccc.de;
+
     listen [::]:50051 ssl;
     listen 172.31.17.145:50051 ssl;
+
     http2 on;
 
-    server_name loki.hamburg.ccc.de;
+    client_body_buffer_size 512k;
 
     ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
@@ -53,11 +56,14 @@ server {
     allow 2a07:c481:1::/48;
     deny all;
 
+    server_name loki.hamburg.ccc.de;
+
     listen [::]:443 ssl;
     listen 172.31.17.145:443 ssl;
+
     http2 on;
 
-    server_name loki.hamburg.ccc.de;
+    client_body_buffer_size 512k;
 
     ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
index bcfc428..2c52523 100644
--- a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
@@ -15,13 +15,13 @@ server {
     allow 2a07:c481:0:1::/64;
     deny all;
 
+    server_name metrics.hamburg.ccc.de;
+
     listen [::]:443 ssl;
     listen 172.31.17.145:443 ssl;
     http2 on;
 
-    server_name metrics.hamburg.ccc.de;
-
-    client_body_buffer_size 32k;
+    client_body_buffer_size 512k;
 
     ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;
diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
similarity index 52%
rename from resources/chaosknoten/ntfy/docker_compose/server.yaml
rename to resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
index a58e931..35b03ff 100644
--- a/resources/chaosknoten/ntfy/docker_compose/server.yaml
+++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
@@ -7,3 +7,7 @@ cache-file: "/var/cache/ntfy/cache.db"
 attachment-cache-dir: "/var/cache/ntfy/attachments"
 auth-default-access: "deny-all"
 auth-file: "/var/lib/ntfy/user.db"
+web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
+web-push-private-key: {{ secret__ntfy_web_push_private_key }}
+web-push-file: "/var/cache/ntfy/webpush.db"
+web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"