monitoring: capture compute6 Diun compose (closes audit visibility gap)
Deployed 2026-06-30 to close compute6's image-update blind spot; was running on compute6 but not tracked. Includes the required security_opt apparmor=unconfined (compute6 host norm) without which Diun can't read the docker socket. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,13 @@
|
||||
# Diun on compute6
|
||||
|
||||
Closes the compute6 image-update-visibility gap found in the 2026-06-30 drift audit
|
||||
(node01/02/media-server already ran Diun; compute6 did not). Mirrors the node01/02
|
||||
crazymax/diun pattern; watches compute6's ~10 local containers via the docker socket,
|
||||
notifies the same HA webhook.
|
||||
|
||||
Deploys to compute6 at `~/diun/docker-compose.yml`.
|
||||
|
||||
**compute6 quirk:** `security_opt: apparmor=unconfined` is REQUIRED here — compute6's
|
||||
default AppArmor profile blocks the container's docker-socket access (every compute6
|
||||
container runs unconfined for this reason). Without it Diun logs "permission denied"
|
||||
on the socket and finds 0 images.
|
||||
Reference in New Issue
Block a user