From 536eedeffcf46560b38e6879855bf6968675424a Mon Sep 17 00:00:00 2001
From: June
Date: Sun, 1 Feb 2026 22:44:42 +0100
Subject: [PATCH] status(host): add monitoring for ACME DNS
---
 .../external/host_vars/status.sops.yaml | 5 ++-
 .../status/docker_compose/compose.yaml.j2 | 1 +
 .../config/services-chaosknoten.yaml | 39 +++++++++++++++++++
 3 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/inventories/external/host_vars/status.sops.yaml b/inventories/external/host_vars/status.sops.yaml
index 366b6410..a67b8a13 100644
--- a/inventories/external/host_vars/status.sops.yaml
+++ b/inventories/external/host_vars/status.sops.yaml
@@ -1,6 +1,7 @@
 ansible_pull__age_private_key: ENC[AES256_GCM,data:u0tluAG5YmXTs71/F6RjuTITCrEoJco0K7+o/F7An4OMdOAwJVBvvMCnEaYsKhLhdesnMIoA24oz2j22lKRFgZUNtkF08ZwH9gw=,iv:oqTTeOi8l6ig4vvqOKict5bqxjmiBW+kwlZhbozoCSU=,tag:ZL2wuIczCHguGJIhbY0NuQ==,type:str]
 secret__gatus_db_password: ENC[AES256_GCM,data:fwtdWmXVTA7odBsKnlxH7mKKGtplAt/rQqscFBAxbDky6DNqgk6PP2OsqbIEpnpzs9Yn7Kd2VAxzfJfK,iv:ox/Lm+LlxxRcssOPc++nRp6nVa2DF3/46eEsGzTOBmA=,tag:i1e71Gm01ojHr5pGy0S9rA==,type:str]
 secret__gatus_matrix_access_token: ENC[AES256_GCM,data:adNtFvg2LXwRiNE7mvTZNO1hXxN3qasWZrDEQOGk5mYEVH0t9pglNrM=,iv:30xXR31qmrywLP3M34u6YgsyQY348zVvt9RM4/bGhtY=,tag:vhgpON0IdQ+FS4uQ/0TpsQ==,type:str]
+secret__gatus_acme_dns_update_test_x_api_key: ENC[AES256_GCM,data:rBMHvYT7g+o6Rc+edjikYT2jn4wKnkOJWOMf5Ys1zjKpsRCKEF0PZA==,iv:Tp4ELKMfhxtwaJljW4sMCVgW3KCTL89NfW2/LQTmO1Y=,tag:YMbvE0xgLTYCFXche/mvFA==,type:str]
 sops:
 age:
 - recipient: age1yl9ts8k6ceymaxjs72r5puetes5mtuzxuger7qgme9qkagfrm9hqzxx9qr
@@ -12,8 +13,8 @@ sops:
 RFl1MnI1K0h2MUhvYk40d2JjbDRaUmMKNlPo1s06hVdxAamKhJy4HhNDX8PKQlq2
 13PjdTJub64fydGEJng5NigcnNcPo7goGLz5QV7vE+6bO0gNZxBmmw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-01-18T18:40:32Z"
- mac: ENC[AES256_GCM,data:7bP0fmn6TJKA8zLuXE8F47sHn1qqX33z/078KkCJx5yRSKBGyLnTeKNha8EODEBkMG0eXQ2BEQDPfNB892R5OW69xCInCa0+sEPONd3YELMvFVoM7/+avDi94X/tdJKCHVPnF/kpqnGhKlwikKlCFLIcbkfEAHJgDlze32C0QKU=,iv:1Q5dsJP2FToAYDJYWXJufHuIlXGfj93NaBWHfZ5rhHk=,tag:dFNYdMJOwUwr6/zwlRollg==,type:str]
+ lastmodified: "2026-02-01T21:17:51Z"
+ mac: ENC[AES256_GCM,data:YO5RoJnkjZeouYJa3ui/cRGLcpSzbs1Ou4D+XU9fZ6ZEc8snmLoN/e8vK91+9qigQECOc/WHHaln4ghYs6wNH+xje4ImCYL92p1RbMPvT8OoS3qu+pTF3sUfQfV/Rju61njNHA7XNAmGCxSiJQxgq2o92aoEB7qKs+AwCFEmTpE=,iv:QrRkSv4novqk3+YCnfFW59df1mvcGONTDO3zCUyXUME=,tag:oBy402SSczs3qyHhBpQqnw==,type:str]
 pgp:
 - created_at: "2026-01-15T21:23:56Z"
 enc: |-
diff --git a/resources/external/status/docker_compose/compose.yaml.j2 b/resources/external/status/docker_compose/compose.yaml.j2
index 04abf953..ae5681be 100644
--- a/resources/external/status/docker_compose/compose.yaml.j2
+++ b/resources/external/status/docker_compose/compose.yaml.j2
@@ -25,6 +25,7 @@ services:
 - "POSTGRES_USER=gatus"
 - "POSTGRES_PASSWORD={{ secret__gatus_db_password }}"
 - "MATRIX_ACCESS_TOKEN={{ secret__gatus_matrix_access_token }}"
+ - "ACME_DNS_UPDATE_TEST_X_API_KEY={{ secret__gatus_acme_dns_update_test_x_api_key }}"
 volumes:
 - ./configs:/config
 networks:
diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml
index e7b1c9c0..7a8f18f5 100644
--- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml
+++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml
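Review bot: The added `ACME_DNS_UPDATE_TEST_X_API_KEY` entry pastes the decrypted key into a double-quoted YAML scalar with no escaping, so a key containing `"` or `\` would break the rendered file and a `$` would be consumed by Compose's own variable interpolation. Escaping at render time, e.g. `{{ secret__gatus_acme_dns_update_test_x_api_key | replace('$', '$$') }}`, keeps the value intact; the two existing secret entries above it follow the same pattern. The rendered compose.yaml then holds the key in clear text, so the task that templates it (not visible here) should write it with a restrictive mode such as `"0600"`. The `services:` block starts and ends outside the hunk.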
@@ -11,6 +11,45 @@ services-chaosknoten-defaults: &services_chaosknoten_defaults
 send-on-resolved: true
 endpoints:
+ - name: ACME DNS (main page/login)
+ url: "https://acmedns.hamburg.ccc.de"
+ <<: *services_chaosknoten_defaults
+ conditions:
+ - "[STATUS] == 200"
+ - "[CERTIFICATE_EXPIRATION] > 48h"
+ - "[BODY] == pat(*OAuth2 Proxy*)"
+
+ - name: ACME DNS (update endpoint)
+ url: "https://acmedns.hamburg.ccc.de/update"
+ <<: *services_chaosknoten_defaults
+ method: POST
+ # acme-dns validates that the value for the txt is 43 characters long.
+ # https://github.com/joohoi/acme-dns/blob/b7a0a8a7bcef39f6158dd596fe716594a170d362/validation.go#L34-L41
+ body: |
+ {
+ "subdomain": "c621ef99-3da9-4ef6-a152-3a82b9b720f8",
+ "txt": "________________gatus_test_________________"
+ }
+ headers:
+ X-Api-User: "b897048a-1526-42aa-bc24-e4dfd654b722"
+ X-Api-Key: "${ACME_DNS_UPDATE_TEST_X_API_KEY}"
+ conditions:
+ - "[STATUS] == 200"
+ - "[CERTIFICATE_EXPIRATION] > 48h"
+ - "[BODY].txt == ________________gatus_test_________________"
+
+ - name: ACME DNS (DNS)
+ url: "acmedns.hosts.hamburg.ccc.de"
+ <<: *services_chaosknoten_defaults
+ dns:
+ query-name: "c621ef99-3da9-4ef6-a152-3a82b9b720f8.auth.acmedns.hamburg.ccc.de"
+ query-type: "TXT"
+ conditions:
+ - "[DNS_RCODE] == NOERROR"
+ # error: query type is not supported yet
+ # apparently TXT records aren't supported yet.
+ # - "[BODY] == ________________gatus_test_________________"
+
 - name: CCCHH ID/Keycloak (main page/account console)
 url: "https://id.hamburg.ccc.de/"
 <<: *services_chaosknoten_defaults
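Review bot: The update-endpoint check gives Gatus a live write credential for acme-dns, and the config does not say that this account is reserved for monitoring. Above `X-Api-User` I would add a comment such as `# Dedicated monitoring account: this subdomain must never be the CNAME target of a real _acme-challenge record.`, since anyone who obtains the key from the status host could otherwise publish challenge TXT values for that name. If the registration was created without an `allowfrom` restriction, limiting it to the status host's address would narrow that further. The DNS check asserts only `[DNS_RCODE] == NOERROR`, which likely also passes on an empty answer, so it shows the nameserver is responding rather than that the update was published. The `endpoints:` list continues past the end of the hunk.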