From 0d52c2b433053ff4e32abe8d7c8d2eb67bf3176d Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Tue, 24 Sep 2024 18:22:34 +0200 Subject: [PATCH] journalwatch config --- modules/journalwatch.nix | 177 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 174 insertions(+), 3 deletions(-) diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix index b12c6f6..94f8d16 100644 --- a/modules/journalwatch.nix +++ b/modules/journalwatch.nix @@ -111,6 +111,12 @@ ''; match = "CONTAINER_NAME = money.p1st.de"; } + { # yodaNas + filters = '' + 127\.0\.0\.1 - - \[\S+ \+0200\] "GET /health HTTP/1\.1" 200 1741 "-" "Firefly III Health Checker/[0-9\.]+" + ''; + match = "CONTAINER_NAME = money-import.p1st.de"; + } # # IMAGE_NAME 
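Review bot: The added money-import filter pins the UTC offset `\+0200` and the response size `1741`, so the line will presumably stop matching once the container logs in winter time or the health page changes size. The report then fills with health-check noise that can bury real findings. Loosening only those two fields keeps the rest of the pattern strict: `\[\S+ \+0[12]00\] "GET /health HTTP/1\.1" 200 [0-9]+`. The list this entry is added to starts and ends outside the hunk.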
@@ -191,6 +197,167 @@ \s+[0-9]+ \[[>-]+\] [0-9]+ \[[>-]+\] \s+[0-9]+ \[[>-]+\] \s+[0-9]+ \[[>-]+\]\[\S+ \S+\] NOTICE: fpm is running, pid [0-9]+ + # + Configuring Redis as session handler + => Searching for scripts \(\*\.sh\) to run, located in the folder: /docker-entrypoint-hooks\.d/before-starting + Executing /occ_entrypoint\.sh + Waiting for DB connection \.\.\. + installed and image version: + \s+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ + Nextcloud is installed\. + occ command /env/001: upgrade + Nextcloud is already latest version + occ command /env/002: user:setting \S+ settings email \S+ + occ command /env/003: config:system:delete trusted_domains + System config value trusted_domains deleted + occ command /env/004: config:system:set trusted_domains [0-9]+ --value=\S+ + System config value trusted_domains => [0-9]+ set to string \S+ + occ command /env/007: config:system:set --value '172\.16\.0\.0/12' 'trusted_proxies' '0' + System config value trusted_proxies => 0 set to string 172\.16\.0\.0/12 + occ command /env/009: config:system:set --type=string --value 'https' 'overwriteprotocol' + System config value overwriteprotocol set to string https + occ command /env/010: config:system:set --type=string --value '\S+' 'overwrite\.cli\.url' + System config value overwrite\.cli\.url set to string https://\S+ + occ command /env/011: db:add-missing-columns + Done\. + occ command /env/011: db:add-missing-primary-keys + occ command /env/012: db:add-missing-indices + occ command /env/014: db:convert-filecache-bigint --no-interaction + All tables already up to date! + occ command /env/015: encryption:migrate-key-storage-format + Updating key storage format + Start to update the keys: + Key storage format successfully updated + occ command /env/016: maintenance:repair --include-expensive + - Repair MySQL collation + - All tables already have the correct collation -> nothing to do + - Clean tags and favorites + - 0 tags of deleted users have been removed\. 
+ - 0 tags for delete files have been removed\.
+ - 0 tag entries for deleted tags have been removed\.
+ - 0 tags with no entries have been removed\.
+ - Repair invalid shares
+ - Move \.step file of updater to backup location
+ - Add move avatar background job
+ - Repair step already executed
+ - Add preview cleanup background jobs
+ - Migrate oauth2_clients table to nextcloud schema
+ - Update the oauth2_access_tokens table schema\.
+ - Update the oauth2_clients table schema\.
+ - Delete clients \(and their related access tokens\) with the redirect_uri starting with oc:// or ending with \*
+ - Fix potential broken mount points
+ - No mounts updated
+ - Repair language codes
+ - Add log rotate job
+ - Clear frontend caches
+ - Image cache cleared
+ - JS cache cleared
+ - Clear every generated avatar
+ - Add preview background cleanup job
+ - Queue a one-time job to cleanup old backups of the updater
+ - Cleanup invalid photocache files for carddav
+ - Add background job to cleanup login flow v2 tokens
+ - Remove potentially over exposing share links
+ - No need to remove link shares\.
+ - Clear access cache of projects
+ - Reset generated avatar flag
+ - Keep legacy encryption enabled
+ - Check encryption key format
+ - Remove old dashboard app config data
+ - Add job to cleanup the bruteforce entries
+ - Queue a one-time job to check for user uploaded certificates
+ - Repair DAV shares
+ - Add background job to set the lookup server share state for users
+ - Add token cleanup job
+ - Clean up abandoned apps
+ - Add possibly missing system config
+ - Add AI tasks cleanup job
+ - Queue a job to generate metadata
+ - migrate lazy config values
+ - Cache logo dimension to fix size in emails on Outlook
+ - Logo dimensions are already known
+ - Remove shares of old group memberships
+ - Repair mime types
+ - Validate the phone number and store it in a known format for search
+ - Handle outdated scheduling events
+ - Cleaning up old scheduling events
+ - Deduplicate shared bookmark folders
+ - Removed 0 duplicate shares
+ - Remove superfluous shared bookmark folders
+ - Removed 0 superfluous shares
+ - Remove orphaned bookmark shares
+ - Removed 0 orphaned shares
+ - Removed 0 orphaned public links
+ - Remove orphaned bookmark tree items
+ - Removed 0 orphaned \S+ entries
+ - Reinserted 0 orphaned children entries
+ - Reinserted 0 orphaned bookmarks
+ - Update bookmark group shares
+ - Removed 0 users and added 0 users to 0 groups
+ - Removed 0 shares
+ - Upgrading Circles App
+ - Fix component of birthday calendars
+ - 8 birthday calendars updated\.
+ - Regenerating birthday calendars to use new icons and fix old birthday events without year
+ - Fix broken values of calendar objects
+ - Registering building of calendar search index as background job
+ - Register building of social profile search index as background job
+ - Registering background jobs to update cache for webcal calendars
+ - Added 0 background jobs to update webcal calendars
+ - Registering building of calendar reminder index as background job
+ - Clean up orphan event and contact data
+ - 0 \S+ without a calendar have been cleaned up
+ - Remove activity entries of private events
+ - Removed 0 activity entries
+ - Clean up old calendar subscriptions from deleted users that were not cleaned-up
+ - 0 calendar subscriptions without an user have been cleaned up
+ - Remove invalid object properties
+ - 0 invalid object properties removed\.
+ - 0 invalid object properties removed.
+ - Copy the share password into the dedicated column
+ - Set existing shares as accepted
+ - Migrate timestamp values to integer to store unix epoch
+ - Remove the unused News update job
+ - Job does not exist, all good
+ - Update OAuth token expiration times
+ - init metadata
+ - Polls - Drop orphaned tables
+ - No orphaned tables found
+ - Polls - Drop orphaned columns
+ - Polls - Create hashes for votes and options
+ - Updated [0-9]+ option hashes
+ - Updated [0-9]+ vote hashes
+ - Polls - Delete duplicates and orphaned records
+ - Polls - Create indices and foreign key constraints
+ - Added oc_polls_polls\['poll_id'\] <- oc_polls_\S+\['id'\]
+ - Index \S+ already exists in oc_polls_\S+
+ - Polls - Foreign key contraints created\.
+ - Polls - Indices created\.
+ - Create help command + - Invalidate access cache for projects conversation provider + - Invalidation not required + - Cache the user display names + - Send an admin notification if monthly report is disabled + - Force-reset all Text document sessions + - Initialize migration of background images from dashboard to theming app + - Add background job to check for backup codes + - Populating added database structures for workflows + occ command /env/017: app:update --all + # + (drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations) new version available: [0-9]+\.[0-9]+\.[0-9]+ + (drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations) updated + No such app enabled: (drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations) + # + occ command /env/018: config:system:set --type=string --value '/shared' 'share_folder' + System config value share_folder set to string /shared + occ command /env/019: config:system:delete 'skeletondirectory' + System config value skeletondirectory deleted + occ command /env/020: config:system:set --type=string --value 'DE' 'default_phone_region' + System config value default_phone_region set to string DE + occ command /env/021: config:system:set --type=integer --value '30' 'activity_expire_days' + System config value activity_expire_days set to integer 30 + occ command /env/022: config:system:set --type=boolean --value 'false' 'activity_use_cached_mountpoints' + System config value activity_use_cached_mountpoints set to boolean false ''; match = "IMAGE_NAME = /nc_app_[^-_\\s]+/"; } @@ -356,7 +523,7 @@ \+\+\+ /mnt/data/\S+/\S+ \+\+\+ /snap/\S+ ''; - match = "_SYSTEMD_UNIT = btrbk-local-snapshot-ssd.service"; + match = "_SYSTEMD_UNIT = /btrbk-local-snapshot-(hdd|ssd)\\.service/"; } { # yodaHedgehog 
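Review bot: The added lines for `trusted_domains`, `overwrite\.cli\.url` and `user:setting \S+ settings email \S+` accept any value through `\S+`, while `trusted_proxies` in the same block is pinned to `172\.16\.0\.0/12`. A start-up that sets an unexpected trusted domain, CLI URL or account e-mail would therefore be filtered out of the report. Pinning the expected value keeps such a change visible, e.g. `System config value trusted_domains => [0-9]+ set to string <expected-domain>` (placeholder for the real host). The second `- 0 invalid object properties removed.` line repeats the one above it with an unescaped dot and can be dropped. `- 8 birthday calendars updated\.` hard-codes a count that will drift; `[0-9]+` would match the style used for the Polls hashes.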
@@ -364,13 +531,13 @@ info: OpenSMTPD \S+-portable starting \S+ smtp connected address=local host=${config.networking.hostName} \S+ smtp message msgid=\S+ size=\S+ nrcpt=1 proto=ESMTP - \S+ smtp envelope evpid=[0-9a-c]+ from= to=\S+ + \S+ smtp envelope evpid=[0-9a-f]+ from= to=\S+ \S+ smtp disconnected reason=quit \S+ mta connecting address=smtps://\S+ host=\S+ \S+ mta connected \S+ mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 #\S+ mta cert-check result=\\"valid\\" fingerprint=\S+ - \S+ mta cert-check result="valid" fingerprint="SHA256:[0-9a-c]+" + \S+ mta cert-check result="valid" fingerprint="SHA256:[0-9a-f]+" \S+ mta delivery evpid=\S+ from=\S+ to=\S+ rcpt=<-> source=\S+ relay="\S+ \(\S+\)" delay=\S+ result="Ok" stat="250 2.0.0 Ok: queued as \S+" \S+ mta disconnected reason=quit messages=1 Exiting @@ -388,6 +555,8 @@ # # Somebody evil ... # + Invalid user \S+ from \S+ port \S+ + Disconnected from invalid user \S+ \S+ port \S+ \[preauth\] Disconnected from authenticating user root \S+ port \S+ \[preauth\] Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\] Connection closed by \S+ port \S+ \[preauth\] @@ -537,6 +706,8 @@ } { filters = ('' + # Somebody evil iterating through different ports + refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=0 HOPLIMIT=255 FLOWLBL=\S+ PROTO=TCP SPT=\S+ DPT=\S+ WINDOW=\S+ RES=0x00 SYN URGP=0 # Ignore. systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set # Ignore.
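Review bot: With `Invalid user \S+ from \S+ port \S+` and `Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]` filtered alongside the existing preauth patterns, probes for non-existent accounts disappear from the journalwatch report, so that signal has to come from another control. A comment in the block should record the assumption, for example `# Ignored because password login is disabled and rate limiting is handled elsewhere; revisit if either changes`. The user name in these messages is chosen by the client. `\S+` still leaves names containing whitespace in the report, which is worth keeping rather than widening to `.*`. The filter block and its `match` line start outside the hunk.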
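Review bot: The added `refused connection:` pattern pins `HOPLIMIT=255`, and a packet received with hop limit 255 has not crossed a router. The sources being silenced are therefore presumably on the local link rather than the remote scanner the comment describes, which is worth confirming before hiding them. The pattern also leaves `SRC` and `DPT` as `\S+`, so refused SYNs from any such address to any port vanish from the report. If the sender turns out to be a known gateway or monitoring host, pin it with `SRC=<known-address>` (placeholder) and correct the comment. The enclosing `filters` block and its `match` line continue outside the hunk.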