viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/monitoring/modules/monitoring
History
Viktor Barzin 8a3bbde38c mailserver: silence mixed-TLS-directive warning + drop SMTP scanner noise from Loki 
Two mailserver-namespace log-noise cleanups (cluster's #1 Loki error
source, from the 2026-06-06 log triage):

1. TLS warning: docker-mailserver SSL_TYPE=manual writes the authoritative
   smtpd_tls_chain_files at boot, so the legacy smtpd_tls_cert_file/key_file
   in our postfix-main.cf override were IGNORED and triggered postfix's
   'Both smtpd_tls_chain_files and ... legacy ...' warning. Dropped the two
   legacy lines (functional no-op; chain_files already wins). Verified via
   live postconf.

2. Scanner noise (~9k lines/hr): narrow Alloy stage.drop for the benign
   public-SMTP probe patterns (unknown[unknown] SSL_accept resets, postscreen
   half-open drops, rate-limit-exceeded from unknown). Real delivery logs +
   real-IP SASL failures KEPT; CrowdSec bans these IPs independently, so
   security posture is unchanged. Validated with 'alloy fmt' (exit 0).
   Reversible.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-06 16:51:26 +00:00
..
dashboards monitoring(grafana): add professional "Cluster Logs" dashboard (Logs folder) 2026-06-05 17:03:45 +00:00
server-power-cycle Add broker-sync Terraform stack (#7) 2026-04-17 21:17:45 +01:00
alloy.yaml mailserver: silence mixed-TLS-directive warning + drop SMTP scanner noise from Loki 2026-06-06 16:51:26 +00:00
authentik_walloff_probe.tf Reapply "tripit: Gmail ingest (12-month) + vbarzin owner + plans@ forward-to-parse" 2026-06-03 10:24:25 +00:00
Dockerfile extract monitoring, nvidia, mailserver, cloudflared, kyverno from platform [ci skip] 2026-03-17 21:34:11 +00:00
goflow2.tf monitoring: KEEL/tier ignore_changes on 5 exporters [ci skip] 2026-05-31 15:33:30 +00:00
grafana.tf monitoring(grafana): add professional "Cluster Logs" dashboard (Logs folder) 2026-06-05 17:03:45 +00:00
grafana_chart_values.yaml monitoring: protect grafana ingress with authentik + disable anonymous 2026-05-10 17:01:50 +00:00
idrac.tf monitoring: migrate R730 iDRAC scraping to SNMP (fast primary) + thin Redfish remnant 2026-06-05 16:33:20 +00:00
k8s-monitoring-values.yaml cleanup: remove calibre and audiobookshelf stacks after ebooks migration [ci skip] 2026-03-25 23:56:07 +02:00
loki.tf monitoring: KEEL/tier ignore_changes on 5 exporters [ci skip] 2026-05-31 15:33:30 +00:00
loki.yaml monitoring: right-size loki memory request 3Gi->1Gi (quota 89%->79%) 2026-06-05 09:19:11 +00:00
loki_ingress.tf monitoring: fix ingress auth-comment guard for loki-write-ingress 2026-06-05 13:36:43 +00:00
main.tf cluster-health: emergency-stop Keel + roll back image downgrades + quota raises 2026-05-26 18:48:50 +00:00
prometheus.tf monitoring: add local-only prometheus-query.lan ingress for ha-sofia SNMP sensors 2026-06-05 17:25:06 +00:00
prometheus_chart_values.tpl monitoring: NodeFilesystemFull 90%->95% + Synology storage runbook 2026-06-05 18:18:31 +00:00
prometheus_snmp_chart_values.yaml extract monitoring, nvidia, mailserver, cloudflared, kyverno from platform [ci skip] 2026-03-17 21:34:11 +00:00
pve_exporter.tf monitoring: KEEL/tier ignore_changes on 5 exporters [ci skip] 2026-05-31 15:33:30 +00:00
snmp_exporter.tf monitoring: KEEL/tier ignore_changes on 5 exporters [ci skip] 2026-05-31 15:33:30 +00:00
ups_snmp_values.yaml monitoring: migrate R730 iDRAC scraping to SNMP (fast primary) + thin Redfish remnant 2026-06-05 16:33:20 +00:00