monitoring: capture compute6 Diun compose (closes audit visibility gap)

Deployed 2026-06-30 to close compute6's image-update blind spot; was running on
compute6 but not tracked. Includes the required security_opt apparmor=unconfined
(compute6 host norm) without which Diun can't read the docker socket.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
tommy
2026-06-30 22:44:42 -05:00
parent 0dea324551
commit 3746f3fe7c
2 changed files with 46 additions and 0 deletions
+13
View File
@@ -0,0 +1,13 @@
# Diun on compute6
Closes the compute6 image-update-visibility gap found in the 2026-06-30 drift audit
(node01/02/media-server already ran Diun; compute6 did not). Mirrors the node01/02
crazymax/diun pattern; watches compute6's ~10 local containers via the docker socket,
notifies the same HA webhook.
Deploys to compute6 at `~/diun/docker-compose.yml`.
**compute6 quirk:** `security_opt: apparmor=unconfined` is REQUIRED here — compute6's
default AppArmor profile blocks the container's docker-socket access (every compute6
container runs unconfined for this reason). Without it Diun logs "permission denied"
on the socket and finds 0 images.