Working-tree improvements to the audit scripts (authored locally, not by me;
reviewed for correctness + bash -n clean before commit):
- compose-runtime-drift: prefer `docker compose config` for the expected image
with a raw-parse fallback; raw parser now resolves YAML anchors (*alias) so
anchor-based composes (e.g. dawarich) no longer mis-report drift.
- komodo-stack-hygiene: treat an unreachable Komodo API as critical and exit 3
so the Healthchecks EXIT trap sends /fail (the monitor itself is down, not
"all green"); git fetch before hash-drift compare; clearer "cannot compare"
message; pin in-container km host to localhost:9120.
- cert-token-check: expand monitored cert domains to the full set incl.
hc.kaleschke.info.
- gitea-bundle-mirror: skip empty repos without refs instead of failing.
- unraid-user-scripts.md: document SEND_NTFY/NTFY_TOPIC for the daily report.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add the same endpoint-agnostic Healthchecks ping wrapper to cert-token-check.sh
(daily) as in posture-check.sh; capability URL from host secret file
healthchecks_cert_token_url. SECRETS_MAP: document the per-job internal ping
URL files. MASTER_TODO: posture-check + cert-token-check wired and verified
(status up); project KalliLab CORE + ntfy integration created.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Micha