diff --git a/options/services.nix b/options/services.nix
index beb7f30..5e630aa 100644
--- a/options/services.nix
+++ b/options/services.nix
@@ -24,6 +24,10 @@ in
     navidrome.enable = mkEnableOption "navidrome";
 
     ntfy-sh.enable = mkEnableOption "ntfy-sh";
+    ntfy-sh.client.enable = mkOption {
+      type = types.bool;
+      default = config.profile.services.ntfy-sh.enable;
+    };
 
     telemetry = {
       enable = mkEnableOption "telemetry";
diff --git a/profiles/castle.nix b/profiles/castle.nix
index eb0aceb..59d66c0 100644
--- a/profiles/castle.nix
+++ b/profiles/castle.nix
@@ -96,5 +96,6 @@ in
     programs.easyeffects.enable = true;
     programs.wezterm.enable = true;
     podman.enable = true;
+    services.ntfy-sh.client.enable = true;
   };
 }
diff --git a/system/services/ntfy-sh.nix b/system/services/ntfy-sh.nix
index 41c021d..1e1f207 100644
--- a/system/services/ntfy-sh.nix
+++ b/system/services/ntfy-sh.nix
@@ -1,14 +1,45 @@
 { config, pkgs, lib, ... }:
 let
   cfg = config.profile.services.ntfy-sh;
+  client = cfg.client;
   inherit (lib) mkIf;
   domain = "ntfy.tigor.web.id";
+  listenAddress = "0.0.0.0:15150";
 in
-{
-  config = mkIf cfg.enable {
+lib.mkMerge [
+  (mkIf cfg.enable {
     services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
+      reverse_proxy ${listenAddress}
     '';
+
+    services.ntfy-sh = {
+      enable = true;
+      settings =
+        let
+          base-dir = "/var/lib/ntfy-sh";
+        in
+        rec {
+          listen-http = listenAddress;
+          behind-proxy = true;
+          base-url = "https://${domain}";
+
+          # Performance. Cache and Batching.
+          cache-file = "${base-dir}/cache.db";
+          cache-duration = "24h";
+          cache-batch-size = 10;
+          cache-batch-timeout = "1s";
+
+          # Auth
+          auth-file = "${base-dir}/auth.db";
+          auth-default-access = "deny-all";
+
+          # Attachments
+          attachment-cache-dir = "${base-dir}/attachments";
+          attachment-expiry-duration = cache-duration;
+        };
+    };
+  })
+  (mkIf client.enable {
     environment.systemPackages = with pkgs; [
       # Access to `ntfy` cli tool
       ntfy-sh
@@ -42,32 +73,5 @@ in
           };
         };
     };
-
-    services.ntfy-sh = {
-      enable = true;
-      settings =
-        let
-          base-dir = "/var/lib/ntfy-sh";
-        in
-        rec {
-          listen-http = "0.0.0.0:15150";
-          behind-proxy = true;
-          base-url = "https://${domain}";
-
-          # Performance. Cache and Batching.
-          cache-file = "${base-dir}/cache.db";
-          cache-duration = "24h";
-          cache-batch-size = 10;
-          cache-batch-timeout = "1s";
-
-          # Auth
-          auth-file = "${base-dir}/auth.db";
-          auth-default-access = "deny-all";
-
-          # Attachments
-          attachment-cache-dir = "${base-dir}/attachments";
-          attachment-expiry-duration = cache-duration;
-        };
-    };
-  };
-}
+  })
+]