cbfbb8ca4f
Self-hosted Healthchecks (ops/healthchecks/) as the hub for internal cron/job heartbeats. The three host-down/backup watchdogs (Borg pre-hook, baerchen nearline pull, monitoring watchdog #8) deliberately stay on healthchecks.io cloud, since an on-host watcher cannot report a host outage.

- frontend_net + dedicated PostgreSQL 18 in healthchecks_internal
- native Healthchecks auth; ping/API exempt from Authelia (n8n/Komodo pattern)
- registered as middleware_exempt in ops/policy-checks/exceptions.json
- docs: DECISIONS, ARCHITECTURE (3.1/4.2/7.6/10), SERVICE_CATALOG, SECRETS_MAP, MASTER_TODO, README index

docker compose config validated (exit 0). Not yet deployed: host secret file, appdata dir, Komodo stack + ENV and Gitea webhook remain operator steps.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
50 lines
881 B
JSON
{
  "middleware_exempt_identities": [
    "authelia",
    "gitea",
    "healthchecks",
    "immich-server",
    "immich_server",
    "komodo-core",
    "mealie",
    "nextcloud",
    "ntfy",
    "paperless",
    "paperless-ngx",
    "vaultwarden"
  ],
  "allowed_host_port_identities": {
    "adguard": [
      "53:53/tcp",
      "53:53/udp",
      "100.80.98.33:8082:80"
    ],
    "gitea": [
      "222:22"
    ],
    "monitoring-influxdb3-core": [
      "${INFLUXDB_BIND_IP:-127.0.0.1}:8181:8181"
    ],
    "traefik": [
      "80:80",
      "443:443"
    ]
  },
  "allowed_root_identities": [
    "monitoring-influxdb3-core"
  ],
  "allowed_mutable_tag_identities": [
    "ddns-updater",
    "glances",
    "scrutiny"
  ],
  "allowed_privileged_identities": [
    "scrutiny"
  ],
  "allowed_host_network_identities": [
    "plex",
    "tailscale",
    "Tailscale-Docker"
  ]
}