diff --git a/docker-host/hooks/install.d/90-ntfy.sh b/docker-host/hooks/install.d/90-ntfy.sh
new file mode 100755
index 0000000..b87976e
--- /dev/null
+++ b/docker-host/hooks/install.d/90-ntfy.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+set -eux
+
+
+NTFY_BROKER="${NTFY_BROKER:-core-01.0k.io}"
+
+## Copy Ntfy key to root/.ssh/
+
+umask 077
+ntfy_key="src/etc/ssh/ntfy-key"
+if [ ! -f "$ntfy_key" ]; then
+ echo "Error: ntfy key not found" >&2
+ exit 1
+fi
+
+ntfy_key_dest=/etc/ssh/ntfy-key
+if [ ! -f "$ntfy_key_dest" ]; then
+ cat "$ntfy_key" |
+ gpg -d --batch --yes --passphrase 'uniquepass' > "$ntfy_key_dest" || {
+ echo "Error while unpacking ntfy key to '${ntfy_key_dest}'" >&2
+ exit 1
+ }
+fi
+
+## Request token to ntfy server and add to config file
+known_host="/root/.ssh/known_hosts"
+if ! ssh-keygen -F "$NTFY_BROKER" -f "$known_host" >/dev/null; then
+ ssh-keyscan -H "$NTFY_BROKER" >> "$known_host" || {
+ echo "Error while adding '$NTFY_BROKER' to known_hosts" >&2
+ exit 1
+ }
+fi
+
+config_file="/etc/ntfy/ntfy.conf"
+mkdir -p "${config_file%/*}"
+if ! [ -f "$config_file" ]; then
+ touch "$config_file" || {
+ echo "Error: couldn’t create config file $config_file" >&2;
+ exit 1
+ }
+fi
+
+LOGIN=""
+PASSWORD=""
+source "$config_file"
+
+## Note that we reauire the forcing of stdin to /dev/null to avoid
+## the rest of the script to be vacuumed by the ssh command.
+## This effect will only happen when launching this script in special
+## conditions involving stdin.
+cred=$(ssh -i "$ntfy_key_dest" ntfy@"${NTFY_BROKER}" \
+ request-token "$LOGIN" "$PASSWORD" &2
+ exit 1
+}
+
+## XXXvlab: ideally it should be received from the last call
+server="https://ntfy.0k.io/"
+login=$(printf "%q" "${cred%$'\n'*}")
+password=$(printf "%q" "${cred#*$'\n'}")
+
+## check if password doesn't contain '%'
+
+for var in server login password; do
+ if [ -z "${!var}" ] || [[ "${!var}" == *$'\n'* ]]; then
+ echo "Error: couldn't infer $var from ntfy server. 
Received:" >&2
+ printf "%s" "$cred" | sed -r 's/^/ | /g' >&2
+ exit 1
+ fi
+ if [[ "${!var}" == *%* ]]; then
+ ## We need a separator char for sed replacement in the config file
+ echo "Error: forbidden character '%' found in $var" >&2
+ exit 1
+ fi
+ if grep -qE "^${var^^}=" "$config_file"; then
+ sed -ri "s%^${var^^}=.*$%${var^^}=\"${!var}\"%g" "$config_file"
+ else
+ echo "${var^^}=\"${!var}\"" >> "$config_file"
+ fi
+done
+
+
+if ! [ -f "/etc/ntfy/topics.yml" ]; then
+ cat < /etc/ntfy/topics.yml
+main:
+ - \${LOGIN}_main
+EOF
+fi
diff --git a/docker-host/src/etc/ssh/ntfy-key b/docker-host/src/etc/ssh/ntfy-key
new file mode 100644
index 0000000..b971d3d
Binary files /dev/null and b/docker-host/src/etc/ssh/ntfy-key differ
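Review bot: The `gpg -d --batch --yes --passphrase 'uniquepass'` call hard-codes the passphrase in the same commit that adds the encrypted `src/etc/ssh/ntfy-key`, so anyone who can read the repository can recover the SSH private key and the encryption adds no protection. The passphrase should come from outside the repository, for example `--passphrase-file "$NTFY_KEY_PASSPHRASE_FILE"` (variable name is a placeholder), which also keeps it out of the process list. `set -eux` traces every command, so the passphrase, `$PASSWORD` and the returned `$cred` end up in the install output; `set -eu` would avoid that. Because the `> "$ntfy_key_dest"` redirection creates the file before gpg runs, a failed decryption leaves an empty file that the `[ ! -f "$ntfy_key_dest" ]` guard treats as already installed on the next run; decrypting to a temporary file and renaming it on success would fix this. Separately, `ssh-keyscan -H "$NTFY_BROKER" >> "$known_host"` pins whatever host key is offered at install time, so shipping the broker's expected host key with the package would let the first connection be verified.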