- glance zusaetzlich in monitoring_net (nur lesende Prometheus-Query, kein neuer Listener)
- Borg-Widget: Backup-Alter aus homelab_borg_last_completed_timestamp_seconds, Status aus homelab_borg_last_success
- Theme-Presets synthwave und matrix
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Home rechte Spalte: Internet+Speed in einem Widget, DNS-und-VPN-Monitor entfernt, Container-Listen als Tab-Gruppe
- Infrastructure: Container-Listen als Tab-Gruppe, Mealie-Statistik auf /api/admin/about/statistics (404-Fix)
- Commit-Widgets: toRelativeTime als span-Attribut, nur erste Commit-Zeile
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Hash drift now requires actual file changes inside the stack's
compose-dir between deployed_hash and latest_hash. Komodo's
deployed_hash bumps only on redeploy while latest_hash tracks master
HEAD, which produced six false-positive "Pending Update" warnings
for stacks whose own files never changed.
- Add EXPECTED_NOT_IN_KOMODO env (default: hermes-agent) for compose
files intentionally not Komodo-managed (work-in-progress, build/dev
compose).
End-to-end run on host: 0 critical, 0 warnings.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Cron registered in /boot/config/plugins/user.scripts and live in
/etc/cron.d/root after update_cron. First scheduled run: Sun 05:00.
End-to-end smoke test on host: 6 warnings, 0 critical.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Catches the failure class that let immich_new slip through: stacks
without a configured repo, project_missing, hash drift, and repo
compose files without a matching Komodo stack. Dry-run on host found
6 honest warnings, 0 critical. Wrapper as Unraid User Script for
weekly cadence is tracked in MASTER_TODO.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
eth0 DNS server 2 = 192.168.178.1 (FRITZ!Box) is set as failover behind
AdGuard. Mark the komodo-bulk-deploy-dns runbook immediate measure as
implemented. Closes the AdGuard SPOF for Docker image pulls.
Ref: docs/homelab-optimierung.md recommendation 3a.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Daily snapshots at 05:30 UTC (after the 04:30 local Borg run), 7 days
retention, snapshot directory visible for single-file restore via
.zfs/snapshot/. Closes the ransomware/misuse gap left open by the
explicit decision against Borg append-only (2026-06-01).
Ref: docs/homelab-optimierung.md recommendation 2.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Digests unchanged (verified against GHCR manifest API: release ==
v2.7.5 for both images). Renovate now produces visible version PRs
instead of silent digest bumps that hide major version jumps.
Ref: docs/homelab-optimierung.md recommendation 1.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Codex CLI auto-reads AGENTS.md; file only points to AI_CONTEXT,
architecture master, workflow and the binding doc rules - no duplicated
content (one fact, one home).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- REPO_MAP.md: replace Arbeitsregel with 8 binding documentation rules
(one fact one home, done leaves the working copy, file types, header
convention, quarterly gardening)
- WORKFLOW.md Dokumentationspflicht and CLAUDE.md aligned to the rules
- docs/README.md index rebuilt for the consolidated state
- H drive docs merged into ops/h-drive-nearline/README.md (scheduled
task + no-MIR rule added); docs/H_DRIVE_NEARLINE_PULL.md removed
- implemented proposal archived to docs/archive/2026/
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- merge RESTORE_HANDBOOK.md into ops/restore-tests/README.md (single
operations doc; restore status lives only in RESTORE_MATRIX maturity
table)
- RESTORE_MATRIX.md: extract embedded runbook drafts (261 -> 141 lines);
unraid-flash and tailscale stubs become ops/restore-tests runbooks,
adguard/redis checklists superseded by validated scripts
- delete six historical pre-first-run *-plan.md files (runbook + script
are the source of truth since the validated first runs)
- SERVICES_RECOVERY: drop completed task table; DISASTER_RECOVERY:
point related docs and section 11 to MASTER_TODO/schedule
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- MASTER_TODO.md is now the only status list: parked decisions point to
DECISIONS.md, done log capped at 5 condensed entries
- delete AUDIT_2026-05-25_TODO.md (open items and parked decisions fully
covered by MASTER_TODO/DECISIONS)
- AI_CONTEXT.md: drop duplicated status block, keep rules and pointers
- EXTERNAL_DEPENDENCIES.md: condense review log to recent entries
- fix references in DR_WORKSTATION_SETUP, EXTERNAL_OPERATOR_RUNBOOK,
STORAGE_LAYOUT, REPO_MAP, docs/README
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Der komodo-Stack wird in Komodo inline (file_contents) verwaltet, nicht aus dem Repo deployed. Renovate-PRs darauf wirken zur Laufzeit nicht und erzeugen Git-Komodo-Scheinsicherheit. Daher: ops/komodo/** in ignorePaths, mongo-Digest auf den real laufenden Stand zurueckgesetzt, Inline-Ausnahme in docs/RENOVATE.md und im Compose-Header dokumentiert.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bulk-Renovate-Merge loest parallele Komodo-Deploys aus; Image-Pulls scheitern mit DNS connection refused, weil AdGuard (einziger Host-Resolver) im selben Batch recreated wird. Runbook haelt Symptom, Ursache, Sofortmassnahme (Unraid DNS2) und Betriebsregel fest. Verweis in REPO_MAP ergaenzt.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Traefik (Public-Entrypoint), Unbound (DNS), n8n und Nextcloud bekommen eigene PRs statt im gruppierten minor-and-patch-updates-PR zu landen. Erzwingt kontrollierten, einzeln reviewbaren Merge pro kritischem Dienst (WORKFLOW.md: keine mehreren kritischen Dienste gleichzeitig migrieren).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bekannte Noise-Patterns, die strukturell sehr laut sind (Unraid-mdadm-Spam
~5760/Tag, Fritz!Box-SOA ~1170/Tag), hielten den Report-Status dauerhaft
auf >= WARNUNG ueber noise_threshold_exceeded und entwerteten damit die
Ampel - das System konnte nie OK erreichen, egal wie gesund.
Neue Datei noise-escalation-exempt.patterns listet solche Patterns. Sie
zaehlen weiterhin als Noise und erscheinen in der Breakdown-Tabelle (jetzt
mit Hinweis-Spalte "eskalations-befreit"), zaehlen aber nicht mehr zu
noise_threshold_exceeded. Neue/unerwartete laute Patterns eskalieren
weiterhin zur WARNUNG. Jede Befreiung traegt Begruendung + Recheck.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Micha
renovate