From 0adddb65330ed931932a87177aef290ec319fd69 Mon Sep 17 00:00:00 2001
From: Micha <michideheld@gmx.de>
Date: Sat, 16 May 2026 14:34:35 +0200
Subject: [PATCH] Add Unraid automation script templates

---
 ops/restore-tests/unraid-user-scripts.md      | 12 ++--
 .../posture-check/compose-runtime-drift.sh    | 29 ++++++----
 .../posture-check/docker-critical-events.sh   |  4 +-
 services/posture-check/unraid-user-scripts.md | 55 +++++++++++++++++++
 4 files changed, 82 insertions(+), 18 deletions(-)
 create mode 100644 services/posture-check/unraid-user-scripts.md

diff --git a/ops/restore-tests/unraid-user-scripts.md b/ops/restore-tests/unraid-user-scripts.md
index d520826..c61839f 100644
--- a/ops/restore-tests/unraid-user-scripts.md
+++ b/ops/restore-tests/unraid-user-scripts.md
@@ -7,7 +7,7 @@ Diese Vorlagen binden die validierten Restore-Checks in Unraid User Scripts ein.
 Host-Repo-Pfad:
 
 ```text
-/mnt/user/services/homelab
+/mnt/user/services/homelab-infra
 ```
 
 ## Script 1 - `restore-freshness-weekly`
@@ -20,7 +20,7 @@ Inhalt:
 
 ```bash
 #!/bin/bash
-bash /mnt/user/services/homelab/ops/restore-tests/run-restore-checks.sh freshness \
+bash /mnt/user/services/homelab-infra/ops/restore-tests/run-restore-checks.sh freshness \
   > /mnt/user/backups/restore-reports/freshness-$(date +%F).md
 ```
 
@@ -40,7 +40,7 @@ V1-Inhalt:
 
 ```bash
 #!/bin/bash
-bash /mnt/user/services/homelab/ops/restore-tests/run-restore-checks.sh vaultwarden \
+bash /mnt/user/services/homelab-infra/ops/restore-tests/run-restore-checks.sh vaultwarden \
   > /mnt/user/backups/restore-reports/vaultwarden-$(date +%F).md
 ```
 
@@ -54,7 +54,7 @@ V1-Inhalt:
 
 ```bash
 #!/bin/bash
-bash /mnt/user/services/homelab/ops/restore-tests/run-restore-checks.sh gitea \
+bash /mnt/user/services/homelab-infra/ops/restore-tests/run-restore-checks.sh gitea \
   > /mnt/user/backups/restore-reports/gitea-$(date +%F).md
 ```
 
@@ -68,7 +68,7 @@ V1-Inhalt:
 
 ```bash
 #!/bin/bash
-bash /mnt/user/services/homelab/ops/restore-tests/run-restore-checks.sh paperless \
+bash /mnt/user/services/homelab-infra/ops/restore-tests/run-restore-checks.sh paperless \
   > /mnt/user/backups/restore-reports/paperless-$(date +%F).md
 ```
 
@@ -97,7 +97,7 @@ Beispiel:
 
 ```bash
 #!/bin/bash
-bash /mnt/user/services/homelab/ops/restore-tests/run-restore-job-with-ntfy.sh freshness homelab-restore
+bash /mnt/user/services/homelab-infra/ops/restore-tests/run-restore-job-with-ntfy.sh freshness homelab-restore
 ```
 
 Verwendete Hilfsskripte:
diff --git a/services/posture-check/compose-runtime-drift.sh b/services/posture-check/compose-runtime-drift.sh
index 8f23759..f02bcd5 100755
--- a/services/posture-check/compose-runtime-drift.sh
+++ b/services/posture-check/compose-runtime-drift.sh
@@ -24,26 +24,35 @@ add_result() {
 parse_compose() {
   local compose="$1"
   awk '
+    function clean(value) {
+      gsub(/\r/, "", value)
+      gsub(/["'\''"]/, "", value)
+      return value
+    }
+    function emit() {
+      if (service && image) {
+        print clean(container) "\t" clean(image)
+      }
+    }
     /^  [A-Za-z0-9_.-]+:/ {
+      emit()
       service=$1
       sub(/:$/, "", service)
       image=""
       container=service
+      next
     }
     service && /^    image:/ {
-      image=$2
-      gsub(/["'\'']/, "", image)
+      image=$0
+      sub(/^[[:space:]]*image:[[:space:]]*/, "", image)
+      next
     }
     service && /^    container_name:/ {
-      container=$2
-      gsub(/["'\'']/, "", container)
-    }
-    service && image && container {
-      print container "\t" image
-      service=""
-      image=""
-      container=""
+      container=$0
+      sub(/^[[:space:]]*container_name:[[:space:]]*/, "", container)
+      next
     }
+    END { emit() }
   ' "$compose"
 }
 
diff --git a/services/posture-check/docker-critical-events.sh b/services/posture-check/docker-critical-events.sh
index 5921265..95de57f 100755
--- a/services/posture-check/docker-critical-events.sh
+++ b/services/posture-check/docker-critical-events.sh
@@ -16,8 +16,8 @@ send_event() {
 
   printf '%s %s\n' "$timestamp" "$line" | tee -a "$OUTPUT_PATH" >/dev/null
 
-  if [ "$SEND_NTFY" = "1" ] && [ -x "$NTFY_SCRIPT" ]; then
-    "$NTFY_SCRIPT" "$NTFY_TOPIC" "Docker critical event" "$line" high || true
+  if [ "$SEND_NTFY" = "1" ] && [ -f "$NTFY_SCRIPT" ]; then
+    bash "$NTFY_SCRIPT" "$NTFY_TOPIC" "Docker critical event" "$line" high || true
   fi
 }
 
diff --git a/services/posture-check/unraid-user-scripts.md b/services/posture-check/unraid-user-scripts.md
new file mode 100644
index 0000000..49b341e
--- /dev/null
+++ b/services/posture-check/unraid-user-scripts.md
@@ -0,0 +1,55 @@
+# Unraid User Scripts fuer Posture-Checks
+
+Host-Repo-Pfad:
+
+```text
+/mnt/user/services/homelab-infra
+```
+
+## `posture-check-at-start`
+
+Zeit: Array Start.
+
+```bash
+#!/bin/bash
+bash /mnt/user/services/homelab-infra/services/posture-check/posture-check.sh
+```
+
+## `posture-check-hourly`
+
+Zeit: stuendlich.
+
+```bash
+#!/bin/bash
+bash /mnt/user/services/homelab-infra/services/posture-check/posture-check.sh
+```
+
+## `cert-token-check-daily`
+
+Zeit: taeglich, z. B. 06:10.
+
+```bash
+#!/bin/bash
+bash /mnt/user/services/homelab-infra/services/posture-check/cert-token-check.sh
+```
+
+## `compose-runtime-drift-daily`
+
+Zeit: taeglich, z. B. 06:20.
+
+```bash
+#!/bin/bash
+bash /mnt/user/services/homelab-infra/services/posture-check/compose-runtime-drift.sh
+```
+
+## `docker-critical-events-at-start`
+
+Zeit: Array Start. Dieser Job startet einen Hintergrund-Watcher und beendet sich sofort.
+
+```bash
+#!/bin/bash
+pgrep -f "docker events --filter event=die --filter event=oom --filter event=kill" >/dev/null && exit 0
+nohup bash /mnt/user/services/homelab-infra/services/posture-check/docker-critical-events.sh \
+  >/mnt/user/services/posture-check/docker-critical-events.out 2>&1 </dev/null &
+```
+