Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Document review matrix and drift checks

Browse Source
This commit is contained in:
Micha
2026-06-26 08:29:32 +02:00
parent ad9bb40b95
commit 5fbda4989d
15 changed files with 282 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/posture-check/posture-check.sh
+43 -1
View File
@@ -11,7 +11,9 @@ ALLOW_DISK1_NTFS="${ALLOW_DISK1_NTFS:-0}"
ALERT_STATE_PATH="${ALERT_STATE_PATH:-/mnt/user/services/posture-check/last-alert.state}"
ALERT_REPEAT_SECONDS="${ALERT_REPEAT_SECONDS:-86400}"
SKIP_AUTHELIA_DRIFT="${SKIP_AUTHELIA_DRIFT:-0}"
SKIP_TRAEFIK_DYNAMIC_DRIFT="${SKIP_TRAEFIK_DYNAMIC_DRIFT:-0}"
AUTHELIA_DIFF_SCRIPT="${AUTHELIA_DIFF_SCRIPT:-/mnt/user/services/homelab-infra/services/authelia-diff.sh}"
TRAEFIK_DYNAMIC_DIFF_SCRIPT="${TRAEFIK_DYNAMIC_DIFF_SCRIPT:-/mnt/user/services/homelab-infra/services/traefik-dynamic-diff.sh}"
mkdir -p "$TMP_DIR"
RESULTS_FILE="$TMP_DIR/results.$$"
@@ -232,10 +234,12 @@ check_authelia_config_drift() {
return
fi
local output
local output=""
local rc
set +e
output="$(bash "$AUTHELIA_DIFF_SCRIPT" 2>&1)"
rc=$?
set -e
case "$rc" in
0)
@@ -256,6 +260,43 @@ check_authelia_config_drift() {
esac
}
check_traefik_dynamic_drift() {
if [ "$SKIP_TRAEFIK_DYNAMIC_DRIFT" = "1" ]; then
add_result "ok" "traefik_dynamic_drift" "Traefik dynamic drift check skipped via SKIP_TRAEFIK_DYNAMIC_DRIFT=1"
return
fi
if [ ! -x "$TRAEFIK_DYNAMIC_DIFF_SCRIPT" ] && [ ! -f "$TRAEFIK_DYNAMIC_DIFF_SCRIPT" ]; then
add_result "warning" "traefik_dynamic_drift" "Traefik dynamic diff script missing: $TRAEFIK_DYNAMIC_DIFF_SCRIPT"
return
fi
local output=""
local rc
set +e
output="$(bash "$TRAEFIK_DYNAMIC_DIFF_SCRIPT" 2>&1)"
rc=$?
set -e
case "$rc" in
0)
add_result "ok" "traefik_dynamic_drift" "Traefik dynamic repo baseline matches host directory"
;;
1)
add_result "warning" "traefik_dynamic_drift" "Traefik dynamic repo<->host drift; run traefik-dynamic-diff.sh for details"
;;
2)
add_result "warning" "traefik_dynamic_drift" "Traefik dynamic diff aborted: $output"
;;
4)
add_result "warning" "traefik_dynamic_drift" "Traefik dynamic diff missing tool: $output"
;;
*)
add_result "warning" "traefik_dynamic_drift" "Traefik dynamic diff returned unexpected rc=$rc: $output"
;;
esac
}
send_ntfy() {
local severity="$1"
local topic="$2"
@@ -426,6 +467,7 @@ main() {
check_nvme_smart
check_authelia_config_drift
check_traefik_dynamic_drift
write_json
}