Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
a5f5eb074f19b070e72780a2386c4d79e81eb5ee
homelab-infra/services/posture-check/unraid-user-scripts.md
T
Micha ad9bb40b95 Harden posture/borg audit scripts (robustness + coverage) 
Working-tree improvements to the audit scripts (authored locally, not by me;
reviewed for correctness + bash -n clean before commit):

- compose-runtime-drift: prefer `docker compose config` for the expected image
  with a raw-parse fallback; raw parser now resolves YAML anchors (*alias) so
  anchor-based composes (e.g. dawarich) no longer mis-report drift.
- komodo-stack-hygiene: treat an unreachable Komodo API as critical and exit 3
  so the Healthchecks EXIT trap sends /fail (the monitor itself is down, not
  "all green"); git fetch before hash-drift compare; clearer "cannot compare"
  message; pin in-container km host to localhost:9120.
- cert-token-check: expand monitored cert domains to the full set incl.
  hc.kaleschke.info.
- gitea-bundle-mirror: skip empty repos without refs instead of failing.
- unraid-user-scripts.md: document SEND_NTFY/NTFY_TOPIC for the daily report.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 11:35:55 +02:00

137 lines
3.4 KiB
Markdown
Raw Blame History

# Unraid User Scripts fuer Posture-Checks
Host-Repo-Pfad:
```text
/mnt/user/services/homelab-infra
```
## `posture-check-at-start`
Zeit: Array Start.
```bash
#!/bin/bash
bash /mnt/user/services/homelab-infra/services/posture-check/posture-check.sh
```
## `posture-check-hourly`
Zeit: stuendlich bei Minute 17, Cron `17 * * * *`.
```bash
#!/bin/bash
bash /mnt/user/services/homelab-infra/services/posture-check/posture-check.sh
```
## `cert-token-check-daily`
Zeit: taeglich 06:10, Cron `10 6 * * *`.
```bash
#!/bin/bash
bash /mnt/user/services/homelab-infra/services/posture-check/cert-token-check.sh
```
## `compose-runtime-drift-daily`
Zeit: taeglich 06:20, Cron `20 6 * * *`.
```bash
#!/bin/bash
bash /mnt/user/services/homelab-infra/services/posture-check/compose-runtime-drift.sh
```
## `prometheus-textfile-export-15min`
Zeit: alle 15 Minuten, Cron `*/15 * * * *`.
Zweck:
- Borg-Backup-Frische fuer Prometheus sichtbar machen
- kritische Container als explizite 0/1-Metrik exportieren
- Grundlage fuer `HomelabBorgBackupStale`, `HomelabBorgLastJobFailed` und `HomelabCriticalContainerDown`
```bash
#!/bin/bash
bash /mnt/user/services/homelab-infra/services/posture-check/export-prometheus-textfile.sh
```
Ziel-Datei:
```text
/mnt/user/services/posture-check/textfile/homelab.prom
```
## `homelab-operations-report-daily`
Zeit: taeglich nach Borg und den Morgenchecks, z. B. 07:30, Cron `30 7 * * *`.
Voraussetzung: SMTP-Passwort liegt **nicht im Repo**, sondern auf dem Host:
```bash
mkdir -p /mnt/user/appdata/secrets
chmod 700 /mnt/user/appdata/secrets
printf '%s' 'SMTP_PASSWORT_HIER_EINTRAGEN' > /mnt/user/appdata/secrets/homelab_smtp_password.txt
chmod 600 /mnt/user/appdata/secrets/homelab_smtp_password.txt
```
Optional fuer den Wetterbericht im Tagesreport: Grafana Service Account Token
mit Leserechten auf die Datasource in eine Host-Secret-Datei legen:
```bash
printf '%s' 'glsa_REPLACE_WITH_ROTATED_READ_TOKEN' > /mnt/user/appdata/secrets/monitoring_grafana_weather_report_token.txt
chmod 600 /mnt/user/appdata/secrets/monitoring_grafana_weather_report_token.txt
```
Der Wetterbericht-Generator nutzt `python3` auf dem Host, falls vorhanden.
Ohne Host-`python3` faellt er automatisch auf Docker mit
`python:3.13-alpine` zurueck.
User Script:
```bash
#!/bin/bash
SEND_MAIL=1 \
SEND_NTFY=1 \
NTFY_TOPIC="homelab-info" \
MAIL_MODE=always \
INCLUDE_WEATHER_REPORT=1 \
MAIL_FROM="michideheld@gmx.de" \
MAIL_TO="Mi.Kaleschke@gmx.de" \
SMTP_HOST="smtp.gmx.net" \
SMTP_PORT="587" \
SMTP_USER="michideheld@gmx.de" \
SMTP_PASS_FILE="/mnt/user/appdata/secrets/homelab_smtp_password.txt" \
bash /mnt/user/services/homelab-infra/services/posture-check/daily-status-report.sh
```
## `docker-critical-events-at-start`
Zeit: Array Start. Dieser Job startet einen Hintergrund-Watcher und beendet sich
sofort. Der Supervisor schreibt PID, stdout/stderr und Event-Log nach
`/mnt/user/services/posture-check/`.
```bash
#!/bin/bash
exec /mnt/user/services/homelab-infra/services/posture-check/docker-critical-events-supervisor.sh start
```
Status pruefen:
```bash
/mnt/user/services/homelab-infra/services/posture-check/docker-critical-events-supervisor.sh status
```
Stoppen:
```bash
/mnt/user/services/homelab-infra/services/posture-check/docker-critical-events-supervisor.sh stop
```
ntfy-Smoke-Test ohne Container-Stopp:
```bash
/mnt/user/services/homelab-infra/services/posture-check/docker-critical-events-supervisor.sh smoke
```
Reference in New Issue View Git Blame Copy Permalink