feat: Configure status.vrije.cloud and auto-monitor integration

Updates to Uptime Kuma monitoring setup: DNS Configuration: - Added DNS A record for status.vrije.cloud -> 94.130.231.155 - Updated Uptime Kuma container to use status.vrije.cloud domain - HTTPS access via nginx-proxy with Let's Encrypt SSL Automated Monitor Management: - Created scripts/add-client-to-monitoring.sh - Created scripts/remove-client-from-monitoring.sh - Integrated monitoring into deploy-client.sh (step 5/5) - Integrated monitoring into destroy-client.sh (step 0/7) - Deployment now prompts to add monitors after success - Destruction now prompts to remove monitors before deletion Email Notification Setup: - Created docs/uptime-kuma-email-setup.md with complete guide - SMTP configuration using smtp.strato.com - Credentials: server@postxsociety.org - Alerts sent to mail@postxsociety.org Documentation: - Updated docs/monitoring.md with new domain - Added email setup reference - Replaced all URLs to use status.vrije.cloud Benefits: ✅ Friendly domain instead of IP address ✅ HTTPS access with auto-SSL ✅ Automated monitoring reminders on deploy/destroy ✅ Complete email notification guide ✅ Streamlined workflow for monitor management Note: Monitor creation/deletion currently manual (API automation planned) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-18 18:55:33 +01:00 · 2026-01-18 18:55:33 +01:00 · 9a3afa325b
commit 9a3afa325b
parent 5fc95d7127
7 changed files with 340 additions and 9 deletions
--- a/docs/monitoring.md
+++ b/docs/monitoring.md
@ -1,7 +1,8 @@
 # Uptime Monitoring with Uptime Kuma

 **Status**: ✅ Deployed
-**URL**: http://94.130.231.155:3001 (will be https://status.postxsociety.cloud after DNS setup)
+**URL**: https://status.vrije.cloud (DNS configured)
+**Fallback**: https://status.vrije.cloud
 **Server**: External monitoring server (94.130.231.155)

 ## Overview
@ -70,7 +71,7 @@ networks:

 Open in browser:
 ```
-http://94.130.231.155:3001
+https://status.vrije.cloud
 ```

 ### 2. Create Admin Account
@ -233,7 +234,7 @@ Uptime Kuma supports public status pages. To enable:
   - **Theme**: Choose theme
 4. Add monitors to display
 5. Click **Save**
-6. Access at: `http://94.130.231.155:3001/status/ptt-status`
+6. Access at: `https://status.vrije.cloud/status/ptt-status`

 ## DNS Setup (Optional)

@ -246,7 +247,7 @@ Add A record:
 status.vrije.cloud → 94.130.231.155
 ```

-Then access at: `https://status.postxsociety.cloud` (via nginx-proxy SSL)
+Then access at: `https://status.vrije.cloud` (via nginx-proxy SSL)

 ### Option 2: Use postxsociety.cloud

--- a/docs/uptime-kuma-email-setup.md
+++ b/docs/uptime-kuma-email-setup.md
@ -0,0 +1,147 @@
+# Uptime Kuma Email Notification Setup
+
+## Quick Setup Guide
+
+### 1. Access Uptime Kuma
+
+Open: **https://status.vrije.cloud**
+
+### 2. Navigate to Settings
+
+1. Click on **Settings** (gear icon) in the left sidebar
+2. Click on **Notifications**
+
+### 3. Add Email (SMTP) Notification
+
+1. Click **Setup Notification**
+2. Select **Email (SMTP)**
+3. Configure with these settings:
+
+```
+Notification Type: Email (SMTP)
+Friendly Name: PTT Email Alerts
+
+SMTP Settings:
+  Hostname: smtp.strato.com
+  Port: 587
+  Security: STARTTLS (or "None" with TLS unchecked)
+
+Authentication:
+  Username: server@postxsociety.org
+  Password: Mov!ePubl1cL0ndon@longW!7h
+
+From Email: server@postxsociety.org
+To Email: mail@postxsociety.org
+
+Custom Subject (optional):
+  [🔴 DOWN] {msg}
+  [✅ UP] {msg}
+```
+
+### 4. Test the Notification
+
+1. Click **Test** button
+2. Check mail@postxsociety.org for test email
+3. If successful, click **Save**
+
+### 5. Apply to All Monitors
+
+Option A - Apply when creating monitors:
+- When creating each monitor, select this notification in the "Notifications" section
+
+Option B - Apply to existing monitors:
+1. Go to each monitor's settings (Edit button)
+2. Scroll to "Notifications" section
+3. Enable "PTT Email Alerts"
+4. Click **Save**
+
+### 6. Configure Alert Rules
+
+In the notification settings or per-monitor:
+
+**What to alert on:**
+- ✅ **When service goes down** - Immediate alert
+- ✅ **When service comes back up** - Immediate alert
+- ✅ **Certificate expiring** - 30 days before
+- ✅ **Certificate expiring** - 7 days before
+
+**Alert frequency:**
+- Send alert immediately when status changes
+- Repeat notification every 60 minutes if still down (optional)
+
+## Testing
+
+After setup, test by:
+
+1. Creating a test monitor pointing to a non-existent URL
+2. Wait for it to show as "DOWN"
+3. Verify email notification received
+4. Delete the test monitor
+
+## Troubleshooting
+
+### No emails received
+
+1. Check SMTP settings are correct
+2. Test SMTP connection:
+   ```bash
+   telnet smtp.strato.com 587
+   ```
+3. Check spam/junk folder
+4. Verify email address is correct
+
+### Authentication failed
+
+- Double-check username and password
+- Ensure no extra spaces in credentials
+- Try re-saving the notification
+
+### Connection timeout
+
+- Verify port 587 is not blocked by firewall
+- Try port 25 or 465 (with SSL/TLS)
+- Check if SMTP server allows connections from monitoring server IP
+
+## Alternative: Use Environment Variables
+
+If you want to configure email at container level, update the Docker Compose file:
+
+```yaml
+services:
+  uptime-kuma:
+    environment:
+      # Add SMTP environment variables here if supported by future versions
+```
+
+Currently, Uptime Kuma requires web UI configuration for SMTP.
+
+## Notification Settings Per Monitor
+
+When creating monitors for clients, ensure:
+
+- **HTTP(S) monitors**: Enable email notifications
+- **SSL monitors**: Enable email notifications with 30-day and 7-day warnings
+- **Alert threshold**: 3 failed checks before alerting (prevents false positives)
+
+## Email Template
+
+Uptime Kuma sends emails with:
+- Monitor name
+- Status (UP/DOWN)
+- Timestamp
+- Response time
+- Error message (if applicable)
+- Link to monitor in Uptime Kuma
+
+## Best Practices
+
+1. **Test regularly** - Verify emails are being received
+2. **Multiple recipients** - Add additional email addresses for redundancy
+3. **Alert fatigue** - Don't over-alert; use reasonable thresholds
+4. **Maintenance mode** - Pause monitors during planned maintenance
+5. **Group notifications** - Create notification groups for different teams
+
+## Related
+
+- [Monitoring Documentation](monitoring.md)
+- Uptime Kuma Notification Docs: https://github.com/louislam/uptime-kuma/wiki/Notification-Methods
--- a/scripts/add-client-to-monitoring.sh
+++ b/scripts/add-client-to-monitoring.sh
@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+#
+# Add client monitors to Uptime Kuma
+#
+# Usage: ./scripts/add-client-to-monitoring.sh <client_name>
+#
+# This script creates HTTP(S) and SSL monitors for a client's services
+# Currently uses manual instructions - future: use Uptime Kuma API
+
+set -euo pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+
+# Check arguments
+if [ $# -ne 1 ]; then
+    echo -e "${RED}Error: Client name required${NC}"
+    echo "Usage: $0 <client_name>"
+    exit 1
+fi
+
+CLIENT_NAME="$1"
+BASE_DOMAIN="vrije.cloud"
+
+# Calculate URLs
+AUTH_URL="https://auth.${CLIENT_NAME}.${BASE_DOMAIN}"
+NEXTCLOUD_URL="https://nextcloud.${CLIENT_NAME}.${BASE_DOMAIN}"
+AUTH_DOMAIN="auth.${CLIENT_NAME}.${BASE_DOMAIN}"
+NEXTCLOUD_DOMAIN="nextcloud.${CLIENT_NAME}.${BASE_DOMAIN}"
+
+echo -e "${BLUE}========================================${NC}"
+echo -e "${BLUE}Add Client to Monitoring${NC}"
+echo -e "${BLUE}========================================${NC}"
+echo ""
+echo -e "${YELLOW}Client: ${CLIENT_NAME}${NC}"
+echo ""
+
+# TODO: Implement automated monitor creation via Uptime Kuma API
+# For now, provide manual instructions
+
+echo -e "${YELLOW}Manual Setup Required:${NC}"
+echo ""
+echo "Please add the following monitors in Uptime Kuma:"
+echo "🔗 Access: https://status.vrije.cloud"
+echo ""
+echo -e "${GREEN}HTTP(S) Monitors:${NC}"
+echo ""
+echo "1. ${CLIENT_NAME} - Authentik"
+echo "   Type: HTTP(S)"
+echo "   URL: ${AUTH_URL}"
+echo "   Interval: 300 seconds (5 min)"
+echo "   Retries: 3"
+echo ""
+echo "2. ${CLIENT_NAME} - Nextcloud"
+echo "   Type: HTTP(S)"
+echo "   URL: ${NEXTCLOUD_URL}"
+echo "   Interval: 300 seconds (5 min)"
+echo "   Retries: 3"
+echo ""
+echo -e "${GREEN}SSL Certificate Monitors:${NC}"
+echo ""
+echo "3. ${CLIENT_NAME} - Authentik SSL"
+echo "   Type: Certificate Expiry"
+echo "   Hostname: ${AUTH_DOMAIN}"
+echo "   Port: 443"
+echo "   Expiry Days: 30"
+echo "   Interval: 86400 seconds (1 day)"
+echo ""
+echo "4. ${CLIENT_NAME} - Nextcloud SSL"
+echo "   Type: Certificate Expiry"
+echo "   Hostname: ${NEXTCLOUD_DOMAIN}"
+echo "   Port: 443"
+echo "   Expiry Days: 30"
+echo "   Interval: 86400 seconds (1 day)"
+echo ""
+echo -e "${BLUE}========================================${NC}"
+echo ""
+echo -e "${YELLOW}Note: Automated monitor creation via API is planned for future enhancement.${NC}"
+echo ""
--- a/scripts/deploy-client.sh
+++ b/scripts/deploy-client.sh
@ -175,7 +175,7 @@ echo -e "${BLUE}========================================${NC}"
 echo ""

 # Step 1: Provision infrastructure
-echo -e "${YELLOW}[1/4] Provisioning infrastructure with OpenTofu...${NC}"
+echo -e "${YELLOW}[1/5] Provisioning infrastructure with OpenTofu...${NC}"

 cd "$PROJECT_ROOT/tofu"

@ -199,7 +199,7 @@ fi
 echo ""

 # Step 2: Setup base system
-echo -e "${YELLOW}[2/4] Setting up base system (Docker, Traefik)...${NC}"
+echo -e "${YELLOW}[2/5] Setting up base system (Docker, Traefik)...${NC}"

 cd "$PROJECT_ROOT/ansible"

@ -210,7 +210,7 @@ echo -e "${GREEN}✓ Base system configured${NC}"
 echo ""

 # Step 3: Deploy applications
-echo -e "${YELLOW}[3/4] Deploying applications (Authentik, Nextcloud, SSO)...${NC}"
+echo -e "${YELLOW}[3/5] Deploying applications (Authentik, Nextcloud, SSO)...${NC}"

 ~/.local/bin/ansible-playbook -i hcloud.yml playbooks/deploy.yml --limit "$CLIENT_NAME"

@ -219,7 +219,7 @@ echo -e "${GREEN}✓ Applications deployed${NC}"
 echo ""

 # Step 4: Update client registry
-echo -e "${YELLOW}[4/4] Updating client registry...${NC}"
+echo -e "${YELLOW}[4/5] Updating client registry...${NC}"

 cd "$PROJECT_ROOT/tofu"

@ -257,6 +257,19 @@ echo -e "${YELLOW}Collecting deployed versions...${NC}"

 echo ""

+# Add to monitoring
+echo -e "${YELLOW}[5/5] Adding client to monitoring...${NC}"
+echo ""
+
+if [ -f "$SCRIPT_DIR/add-client-to-monitoring.sh" ]; then
+    "$SCRIPT_DIR/add-client-to-monitoring.sh" "$CLIENT_NAME"
+else
+    echo -e "${YELLOW}⚠ Monitoring script not found${NC}"
+    echo "Manually add monitors at: https://status.vrije.cloud"
+fi
+
+echo ""
+
 # Calculate duration
 END_TIME=$(date +%s)
 DURATION=$((END_TIME - START_TIME))
--- a/scripts/destroy-client.sh
+++ b/scripts/destroy-client.sh
@ -78,8 +78,21 @@ echo ""
 echo -e "${YELLOW}Starting destruction of client: $CLIENT_NAME${NC}"
 echo ""

+# Step 0: Remove from monitoring
+echo -e "${YELLOW}[0/7] Removing client from monitoring...${NC}"
+echo ""
+
+if [ -f "$SCRIPT_DIR/remove-client-from-monitoring.sh" ]; then
+    "$SCRIPT_DIR/remove-client-from-monitoring.sh" "$CLIENT_NAME"
+else
+    echo -e "${YELLOW}⚠ Monitoring script not found${NC}"
+    echo "Manually remove monitors at: https://status.vrije.cloud"
+fi
+
+echo ""
+
 # Step 1: Delete Mailgun SMTP credentials
-echo -e "${YELLOW}[1/3] Deleting Mailgun SMTP credentials...${NC}"
+echo -e "${YELLOW}[1/7] Deleting Mailgun SMTP credentials...${NC}"

 cd "$PROJECT_ROOT/ansible"

--- a/scripts/remove-client-from-monitoring.sh
+++ b/scripts/remove-client-from-monitoring.sh
@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+#
+# Remove client monitors from Uptime Kuma
+#
+# Usage: ./scripts/remove-client-from-monitoring.sh <client_name>
+#
+# This script removes HTTP(S) and SSL monitors for a destroyed client
+# Currently uses manual instructions - future: use Uptime Kuma API
+
+set -euo pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+
+# Check arguments
+if [ $# -ne 1 ]; then
+    echo -e "${RED}Error: Client name required${NC}"
+    echo "Usage: $0 <client_name>"
+    exit 1
+fi
+
+CLIENT_NAME="$1"
+
+echo -e "${BLUE}========================================${NC}"
+echo -e "${BLUE}Remove Client from Monitoring${NC}"
+echo -e "${BLUE}========================================${NC}"
+echo ""
+echo -e "${YELLOW}Client: ${CLIENT_NAME}${NC}"
+echo ""
+
+# TODO: Implement automated monitor removal via Uptime Kuma API
+# For now, provide manual instructions
+
+echo -e "${YELLOW}Manual Removal Required:${NC}"
+echo ""
+echo "Please remove the following monitors from Uptime Kuma:"
+echo "🔗 Access: https://status.vrije.cloud"
+echo ""
+echo "Monitors to delete:"
+echo "  • ${CLIENT_NAME} - Authentik"
+echo "  • ${CLIENT_NAME} - Nextcloud"
+echo "  • ${CLIENT_NAME} - Authentik SSL"
+echo "  • ${CLIENT_NAME} - Nextcloud SSL"
+echo ""
+echo -e "${BLUE}========================================${NC}"
+echo ""
+echo -e "${YELLOW}Note: Automated monitor removal via API is planned for future enhancement.${NC}"
+echo ""
--- a/tofu/dns.tf
+++ b/tofu/dns.tf
@ -53,3 +53,17 @@ resource "hcloud_zone_rrset" "client_aaaa" {
    }
  ]
 }
+
+# Static A record for monitoring server (status.vrije.cloud -> external monitoring server)
+resource "hcloud_zone_rrset" "monitoring" {
+  zone   = data.hcloud_zone.main.name
+  name   = "status"
+  type   = "A"
+  ttl    = 300
+  records = [
+    {
+      value   = "94.130.231.155"
+      comment = "Uptime Kuma monitoring server"
+    }
+  ]
+}