Working-tree improvements to the audit scripts (authored locally, not by me;
reviewed for correctness + bash -n clean before commit):
- compose-runtime-drift: prefer `docker compose config` for the expected image
with a raw-parse fallback; raw parser now resolves YAML anchors (*alias) so
anchor-based composes (e.g. dawarich) no longer mis-report drift.
- komodo-stack-hygiene: treat an unreachable Komodo API as critical and exit 3
so the Healthchecks EXIT trap sends /fail (the monitor itself is down, not
"all green"); git fetch before hash-drift compare; clearer "cannot compare"
message; pin in-container km host to localhost:9120.
- cert-token-check: expand monitored cert domains to the full set incl.
hc.kaleschke.info.
- gitea-bundle-mirror: skip empty repos without refs instead of failing.
- unraid-user-scripts.md: document SEND_NTFY/NTFY_TOPIC for the daily report.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add endpoint-agnostic Healthchecks pings to the three remaining scheduled
host-audit jobs via an EXIT-trap merge (start + success/fail), so the body of
each script (incl. the 1400-line daily-status-report) stays untouched. Exit
0/1/2 = ran (ok/warning/critical); only rc>2 pings /fail. Capability URLs come
from per-job host secret files (healthchecks_<job>_url), never in the repo.
bash -n verified.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Micha