torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: torjus:fa6380e76754130da2ebe59885b3e2d3ea13db6b
Branches Tags
torjus:master torjus:nrec-forgejo torjus:jellyfin-maintenance torjus:loki-monitoring02 torjus:pipe-to-loki torjus:kanidm-pam-client torjus:deploy-test-hosts torjus:homelab-deploy-metrics torjus:host-vault01
...
compare: torjus:8f29141dd173b4c07cdd38619201a26c9904b801
Branches Tags
torjus:master torjus:nrec-forgejo torjus:jellyfin-maintenance torjus:loki-monitoring02 torjus:pipe-to-loki torjus:kanidm-pam-client torjus:deploy-test-hosts torjus:homelab-deploy-metrics torjus:host-vault01

2 Commits
fa6380e767 ... 8f29141dd1

Author SHA1 Message Date
Torjus Håkestad
8f29141dd1 Merge pull request 'monitoring: exclude step-ca serving cert from general expiry alert' (#17) from monitoring-cleanup into master
All checks were successful
Run nix flake check / flake-check (push) Successful in 5m30s
Details 
Reviewed-on: #17
 2026-02-05 00:22:15 +00:00
Torjus Håkestad
3a9a47f1ad monitoring: exclude step-ca serving cert from general expiry alert
Some checks failed
Run nix flake check / flake-check (push) Failing after 6m23s
Details
Run nix flake check / flake-check (pull_request) Failing after 4m46s
Details 
The step-ca serving certificate is auto-renewed with a 24h lifetime,
so it always triggers the general < 86400s threshold. Exclude it and
add a dedicated step_ca_serving_cert_expiring alert at < 1h instead.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 01:12:42 +01:00
1 changed files with 9 additions and 1 deletions
Expand all files Collapse all files

10
services/monitoring/rules.yml
View File

@@ -307,13 +307,21 @@ groups:
- name: certificate_rules
rules:
- alert: certificate_expiring_soon
expr: labmon_tlsconmon_certificate_seconds_left < 86400
expr: labmon_tlsconmon_certificate_seconds_left{address!="ca.home.2rjus.net:443"} < 86400
for: 5m
labels:
severity: warning
annotations:
summary: "TLS certificate expiring soon for {{ $labels.instance }}"
description: "TLS certificate for {{ $labels.address }} is expiring within 24 hours."
- alert: step_ca_serving_cert_expiring
expr: labmon_tlsconmon_certificate_seconds_left{address="ca.home.2rjus.net:443"} < 3600
for: 5m
labels:
severity: critical
annotations:
summary: "Step-CA serving certificate expiring"
description: "The step-ca serving certificate (24h auto-renewed) has less than 1 hour of validity left. Renewal may have failed."
- alert: certificate_check_error
expr: labmon_tlsconmon_certificate_check_error == 1
for: 5m