From 2844b63b378c4deeeee4119152f6f81de4604396 Mon Sep 17 00:00:00 2001
From: Micha
Date: Tue, 23 Jun 2026 20:49:30 +0200
Subject: [PATCH] posture-check: endpoint-agnostic Healthchecks heartbeat ping

Wrap main() with a Healthchecks ping (start + success/fail). The capability ping URL is read from $HEALTHCHECKS_POSTURE_URL or the host secret file /mnt/user/appdata/secrets/healthchecks_posture_url (never in the repo, same pattern as pre-borg.sh). Exit code preserved; warning/critical still count as "ran" (posture alerts stay on ntfy), only a real abort (rc>2) pings /fail.

Co-Authored-By: Claude Opus 4.8
---
 services/posture-check/posture-check.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/services/posture-check/posture-check.sh b/services/posture-check/posture-check.sh
index 5a43d95..b0abb4e 100755
--- a/services/posture-check/posture-check.sh
+++ b/services/posture-check/posture-check.sh
@@ -429,4 +429,21 @@ main() {
 write_json
 }
 
-main "$@"
+# --- Healthchecks Heartbeat (endpoint-agnostisch; Capability-URL ist ein Secret, nie ins Repo) ---
+HEALTHCHECKS_POSTURE_URL="${HEALTHCHECKS_POSTURE_URL:-}"
+HEALTHCHECKS_POSTURE_URL_FILE="${HEALTHCHECKS_POSTURE_URL_FILE:-/mnt/user/appdata/secrets/healthchecks_posture_url}"
+if [ -z "$HEALTHCHECKS_POSTURE_URL" ] && [ -r "$HEALTHCHECKS_POSTURE_URL_FILE" ]; then
+ HEALTHCHECKS_POSTURE_URL="$(tr -d '[:space:]' < "$HEALTHCHECKS_POSTURE_URL_FILE")"
+fi
+hc_ping() {
+ [ -n "$HEALTHCHECKS_POSTURE_URL" ] || return 0
+ curl -fsS -m 10 --retry 3 "${HEALTHCHECKS_POSTURE_URL}${1:-}" >/dev/null 2>&1 || true
+}
+
+hc_ping "/start"
+rc=0
+main "$@" || rc=$?
+# Exit 0/1/2 = ok/warning/critical: der Monitor LIEF (Posture-Alarme laufen separat via ntfy).
+# Nur ein echter Abbruch (rc>2) ist ein Job-Fehler -> /fail.
+if [ "$rc" -le 2 ]; then hc_ping ""; else hc_ping "/fail"; fi
+exit "$rc"
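Review bot: hc_ping hands the capability URL to curl as a command-line argument, so the value the header comment calls a secret is readable in the host's process list for as long as the request and its retries run. Feeding it through a curl config on stdin keeps it out of argv, and `--proto '=https'` would also refuse a cleartext URL coming from the file or the environment: `printf 'url = "%s"\n' "${HEALTHCHECKS_POSTURE_URL}${1:-}" | curl -fsS -m 10 --retry 3 --proto '=https' -K - >/dev/null 2>&1 || true`. Separately, `main "$@" || rc=$?` runs main in a context where errexit is ignored, and an `exit` inside main would skip the closing ping altogether; main's body is outside this hunk, so whether either applies needs checking. If it does, an EXIT trap set before `hc_ping "/start"`, for example `trap 'rc=$?; if [ "$rc" -le 2 ]; then hc_ping ""; else hc_ping "/fail"; fi' EXIT`, would report the real exit status on every path.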