cert-token-check: Healthchecks heartbeat; document internal ping URLs

Add the same endpoint-agnostic Healthchecks ping wrapper to cert-token-check.sh
(daily) as in posture-check.sh; capability URL from host secret file
healthchecks_cert_token_url. SECRETS_MAP: document the per-job internal ping
URL files. MASTER_TODO: posture-check + cert-token-check wired and verified
(status up); project KalliLab CORE + ntfy integration created.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 20:56:13 +02:00
parent 5ca4922d8d
commit a137129c75
3 changed files with 25 additions and 6 deletions
@@ -57,6 +57,7 @@ Dieses Dokument listet sensible Daten, deren Ablageorte und die vorgesehene Einb
| Healthchecks self-hosted | Superuser Login | Komodo Stack-ENV `${HEALTHCHECKS_SUPERUSER_EMAIL}` (Login-Mail) + `${HEALTHCHECKS_SUPERUSER_PASSWORD}`; **Login-Passwort als Host-Datei** `/mnt/user/appdata/secrets/healthchecks_superuser_password.txt` (nach erstem Login aenderbar) | aktiv (2026-06-23) |
| Healthchecks self-hosted | Gitea->Komodo Webhook Secret | `/mnt/user/appdata/secrets/healthchecks_webhook_secret.txt` (chmod 600) = per-Stack `webhook_secret` in Komodo; im Gitea-Hook identisch eintragen | aktiv (2026-06-23) |
| healthchecks-postgres | DB Password | `/mnt/user/appdata/secrets/healthchecks_postgres_password.txt` -> `POSTGRES_PASSWORD_FILE` | aktiv (2026-06-23) |
| Healthchecks self-hosted (interne Job-Pings) | Ping-/Capability-URLs | je Job eine Datei `/mnt/user/appdata/secrets/healthchecks_<job>_url` (chmod 600), z. B. `healthchecks_posture_url`; gelesen vom jeweiligen Script (`HEALTHCHECKS_<JOB>_URL`/Datei, endpoint-agnostisch wie `pre-borg.sh`). Capability-URL -> wie Secret behandeln, nie ins Repo | aktiv (2026-06-23) |
| Unraid Flash Backup | Boot-/Array-/Share-/Plugin-Konfiguration, ggf. Hashes/Keys/Templates | `/mnt/user/backups/borg/dumps/latest/unraid-flash-config.tar.gz`, via Borg/Hetzner gesichert | aktiv; wie Secret-Material behandeln |
| Hermes Agent | Provider-Keys, Bot-Tokens, API-Server-Key | `/mnt/user/appdata/hermes-agent/data/.env` | VM-seitig offen |
| Hermes Agent | SSH-Runner Private Key | `/mnt/user/appdata/secrets/hermes_runner_id_ed25519` -> `/root/.ssh/id_ed25519` | VM-seitig offen |
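Review bot: The "interne Job-Pings" row gives only `healthchecks_posture_url` as an example and writes `HEALTHCHECKS_<JOB>_URL`/Datei without saying which source takes precedence, so the table does not tell a reader which file cert-token-check.sh reads or whether an environment value overrides the file. Suggest listing `healthchecks_cert_token_url` next to the posture example and stating the precedence. Since the row says the capability URL is to be treated like a secret and never committed, it should also say that the environment variant must not be set in a repo-tracked ENV file. The file names here carry no `.txt` suffix while the three Healthchecks rows above all use one; add a word on whether that is intentional.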