# Commented Scrutiny Configuration File # # The default location for this file is /opt/scrutiny/config/scrutiny.yaml. # In some cases to improve clarity default values are specified, # uncommented. Other example values are commented out. # # When this file is parsed by Scrutiny, all configuration file keys are # lowercased automatically. As such, Configuration keys are case-insensitive, # and should be lowercase in this file to be consistent with usage. # ###################################################################### # Environment Variable Overrides # # Any configuration key can be overridden via environment variables using # the SCRUTINY_ prefix. Dots and dashes in key names become underscores. # # Pattern: SCRUTINY_ # # Examples: # web.listen.port -> SCRUTINY_WEB_LISTEN_PORT # web.listen.host -> SCRUTINY_WEB_LISTEN_HOST # web.listen.basepath -> SCRUTINY_WEB_LISTEN_BASEPATH # web.database.location -> SCRUTINY_WEB_DATABASE_LOCATION # web.database.journal_mode -> SCRUTINY_WEB_DATABASE_JOURNAL_MODE # web.src.frontend.path -> SCRUTINY_WEB_SRC_FRONTEND_PATH # web.influxdb.scheme -> SCRUTINY_WEB_INFLUXDB_SCHEME # web.influxdb.host -> SCRUTINY_WEB_INFLUXDB_HOST # web.influxdb.port -> SCRUTINY_WEB_INFLUXDB_PORT # web.influxdb.org -> SCRUTINY_WEB_INFLUXDB_ORG # web.influxdb.bucket -> SCRUTINY_WEB_INFLUXDB_BUCKET # web.influxdb.token -> SCRUTINY_WEB_INFLUXDB_TOKEN # web.influxdb.init_username -> SCRUTINY_WEB_INFLUXDB_INIT_USERNAME # web.influxdb.init_password -> SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD # web.influxdb.tls.insecure_skip_verify -> SCRUTINY_WEB_INFLUXDB_TLS_INSECURE_SKIP_VERIFY # web.influxdb.retention_policy -> SCRUTINY_WEB_INFLUXDB_RETENTION_POLICY # web.influxdb.retention.daily -> SCRUTINY_WEB_INFLUXDB_RETENTION_DAILY # web.influxdb.retention.weekly -> SCRUTINY_WEB_INFLUXDB_RETENTION_WEEKLY # web.influxdb.retention.monthly -> SCRUTINY_WEB_INFLUXDB_RETENTION_MONTHLY # web.metrics.enabled -> SCRUTINY_WEB_METRICS_ENABLED # web.metrics.token -> SCRUTINY_WEB_METRICS_TOKEN # log.level -> SCRUTINY_LOG_LEVEL # log.file -> SCRUTINY_LOG_FILE # notify.urls -> SCRUTINY_NOTIFY_URLS (comma-separated) # failures.transient.ata -> SCRUTINY_FAILURES_TRANSIENT_ATA # failures.ignored.ata -> SCRUTINY_FAILURES_IGNORED_ATA # failures.ignored.devstat -> SCRUTINY_FAILURES_IGNORED_DEVSTAT # failures.ignored.nvme -> SCRUTINY_FAILURES_IGNORED_NVME # failures.ignored.scsi -> SCRUTINY_FAILURES_IGNORED_SCSI # # Environment variables take precedence over config file values. ###################################################################### ###################################################################### # Version # # version specifies the version of this configuration file schema, not # the scrutiny binary. There is only 1 version available at the moment version: 1 web: listen: port: 8080 host: 0.0.0.0 # if you're using a reverse proxy like apache/nginx, you can override this value to serve scrutiny on a subpath. # eg. http://example.com/scrutiny/* vs http://example.com:8080 # see docs/TROUBLESHOOTING_REVERSE_PROXY.md # basepath: `/scrutiny` # leave empty unless behind a path prefixed proxy basepath: '' # HTTP server timeouts (in seconds) to protect against slow/stalled connections. # Set to 0 to disable a specific timeout (not recommended for production). # Env: SCRUTINY_WEB_LISTEN_READ_TIMEOUT_SECONDS, etc. # read_timeout_seconds: 10 # write_timeout_seconds: 30 # idle_timeout_seconds: 60 database: # can also set absolute path here location: /opt/scrutiny/config/scrutiny.db # SQLite journal mode: WAL (default), DELETE, TRUNCATE, PERSIST, MEMORY, OFF # WAL mode is recommended for Docker containers with restricted capabilities (cap_drop: [ALL]) # If you experience database issues with WAL mode on network filesystems (NFS), try DELETE mode # journal_mode: WAL src: # the location on the filesystem where scrutiny javascript + css is located frontend: path: /opt/scrutiny/web # if you're running influxdb on a different host (or using a cloud-provider) you'll need to update the host & port below. # token, org, bucket are unnecessary for a new InfluxDB installation, as Scrutiny will automatically run the InfluxDB setup, # and store the information in the config file. If you 're re-using an existing influxdb installation, you'll need to provide # the `token` influxdb: # scheme: 'http' host: 0.0.0.0 port: 8086 # token: 'my-token' # org: 'my-org' # bucket: 'bucket' retention_policy: true # Retention periods for InfluxDB buckets (in seconds) # These control how long metrics data is kept in each downsampling bucket # See docs/DOWNSAMPLING.md for details on the bucket structure # # retention: # daily: 1296000 # 15 days (default) - raw metrics bucket # weekly: 5443200 # 9 weeks (default) - weekly aggregated data # monthly: 65318400 # 25 months (default) - monthly aggregated data # # yearly bucket has infinite retention (not configurable) # Authentication settings # When enabled, all API endpoints (except /api/health and /api/auth/*) require # a valid Bearer token in the Authorization header. Disabled by default so # existing deployments are unaffected. # # Environment variable overrides: # web.auth.enabled -> SCRUTINY_WEB_AUTH_ENABLED # web.auth.token -> SCRUTINY_WEB_AUTH_TOKEN # web.auth.jwt_secret -> SCRUTINY_WEB_AUTH_JWT_SECRET # web.auth.jwt_expiry_hours -> SCRUTINY_WEB_AUTH_JWT_EXPIRY_HOURS # web.auth.admin_username -> SCRUTINY_WEB_AUTH_ADMIN_USERNAME # web.auth.admin_password -> SCRUTINY_WEB_AUTH_ADMIN_PASSWORD auth: # Enable API authentication (default: false, all endpoints open) # enabled: false # Master API token for collector and programmatic access. # Required when auth is enabled. Collectors send this as: # Authorization: Bearer # token: 'your-secret-api-token-here' # Secret key for signing JWT session tokens (used for web UI sessions). # If empty, a random secret is generated at startup -- tokens will not # survive server restarts. Set a stable value for persistent sessions. # jwt_secret: '' # JWT token expiry in hours (default: 24) # jwt_expiry_hours: 24 # Admin credentials for password-based web UI login (optional). # When admin_password is set, users can log in with username/password # in addition to the API token. Token login is always available. # admin_username: 'admin' # admin_password: 'your-admin-password-here' # Prometheus metrics endpoint configuration metrics: # Enable or disable Prometheus metrics endpoint (/api/metrics) enabled: true # Optional bearer token for authenticating Prometheus scrape requests. # When set, /api/metrics requires: Authorization: Bearer # When empty (default), the endpoint is open (or protected by web.auth if enabled). # Env: SCRUTINY_WEB_METRICS_TOKEN # # Prometheus scrape config example: # scrape_configs: # - job_name: scrutiny # bearer_token: 'your-metrics-token-here' # metrics_path: '/api/metrics' # static_configs: # - targets: ['localhost:8080'] # # token: 'your-metrics-token-here' # if you wish to disable TLS certificate verification, # when using self-signed certificates for example, # then uncomment the lines below and set `insecure_skip_verify: true` # tls: # insecure_skip_verify: false # Uptime Kuma push monitor (optional) # When configured here, this URL takes precedence over the Settings UI value. # The monitor itself is enabled/disabled via the Settings API or UI. # Env: SCRUTINY_WEB_UPTIME_KUMA_PUSH_URL # # uptime_kuma: # push_url: "https://kuma.example.com/api/push/YOUR_TOKEN" # MQTT / Home Assistant Integration # # When enabled, Scrutiny publishes MQTT Discovery messages so that drives # automatically appear as devices in Home Assistant with sensors for # temperature, health status, power-on hours, power cycle count, and a # problem binary sensor. # # Requirements: # - An MQTT broker (e.g., Mosquitto) reachable from Scrutiny # - Home Assistant configured with the MQTT integration # # Environment variable overrides: # web.mqtt.enabled -> SCRUTINY_WEB_MQTT_ENABLED # web.mqtt.broker -> SCRUTINY_WEB_MQTT_BROKER # web.mqtt.username -> SCRUTINY_WEB_MQTT_USERNAME # web.mqtt.password -> SCRUTINY_WEB_MQTT_PASSWORD # web.mqtt.client_id -> SCRUTINY_WEB_MQTT_CLIENT_ID # web.mqtt.topic_prefix -> SCRUTINY_WEB_MQTT_TOPIC_PREFIX # web.mqtt.qos -> SCRUTINY_WEB_MQTT_QOS # web.mqtt.retain -> SCRUTINY_WEB_MQTT_RETAIN # #mqtt: # # Enable MQTT Home Assistant integration (default: false) # enabled: false # # # MQTT broker URL (tcp:// for plain, ssl:// for TLS) # broker: "tcp://localhost:1883" # # # Broker credentials (leave empty if not required) # username: "" # password: "" # # # Client ID used when connecting to the broker # client_id: "scrutiny" # # # Home Assistant MQTT discovery prefix (must match HA's discovery_prefix setting) # topic_prefix: "homeassistant" # # # MQTT QoS level: 0 = at most once, 1 = at least once, 2 = exactly once # qos: 1 # # # Whether to publish messages with the retained flag # retain: true # Valid log levels (case-insensitive, highest to lowest severity): # PANIC, FATAL, ERROR, WARN, INFO (default), DEBUG, TRACE # Setting a level includes all messages at that level and above. # Example: WARN shows WARN, ERROR, FATAL, and PANIC messages. log: file: '' #absolute or relative paths allowed, eg. web.log level: INFO failures: # Transient attributes are ones that may temporarily show failures but recover # These are still evaluated but don't immediately trigger device failure status transient: ata: - 195 # Hardware_ECC_Recovered, see https://superuser.com/a/1511916/169872 # Ignored attributes are completely excluded from failure evaluation # Use this for attributes that report invalid/corrupted data on your drives # See issue #84: some drives report impossibly high values for certain devstat attributes ignored: ata: [] # numeric SMART attribute IDs, e.g., [1, 9, 199] devstat: [] # string-based device statistics, e.g., ["devstat_1_40", "devstat_1_48"] nvme: [] # NVME attribute IDs, e.g., ["media_errors"] scsi: [] # SCSI attribute IDs, e.g., ["scsi_grown_defect_list"] ###################################################################### # SMART Attribute Overrides # # Customize how individual SMART attributes are evaluated. # Use this to suppress false positives, force specific statuses, # or set custom warning/failure thresholds. # # Each override requires: # - protocol: ATA, NVMe, or SCSI # - attribute_id: The attribute ID as a string (e.g., "5", "media_errors", "devstat_7_8") # # Optional fields: # - wwn: Limit the override to a specific device (by WWN) # - action: "ignore" (skip attribute) or "force_status" (set specific status) # - status: For force_status action: "passed", "warn", or "failed" # - warn_above: Custom threshold - warn when raw value exceeds this # - fail_above: Custom threshold - fail when raw value exceeds this (takes precedence) # #smart: # attribute_overrides: # # Example 1: Ignore a specific attribute that causes false positives # - protocol: ATA # attribute_id: "187" # Reported_Uncorrect - often false positive on some drives # action: ignore # # # Example 2: Ignore attribute only for a specific device # - protocol: ATA # attribute_id: "197" # Current_Pending_Sector # wwn: "0x5000cca264eb01d7" # Only apply to this drive # action: ignore # # # Example 3: Force an attribute status to passed (suppress alerts) # - protocol: NVMe # attribute_id: "media_errors" # action: force_status # status: passed # # # Example 4: Set custom thresholds for Reallocated Sectors Count # - protocol: ATA # attribute_id: "5" # warn_above: 5 # Warn when raw value > 5 # fail_above: 10 # Fail when raw value > 10 # # # Example 5: Device statistics override # - protocol: ATA # attribute_id: "devstat_7_8" # Percentage Used Endurance Indicator # warn_above: 80 # fail_above: 95 # Notification "urls" look like the following. For more information about service specific configuration see # Shoutrrr's documentation: https://nicholas-fedor.github.io/shoutrrr/ # # note, usernames and passwords containing special characters will need to be urlencoded. # if your username is: "myname@example.com" and your password is "124@34$1" # your shoutrrr url will look like: "smtp://myname%40example%2Ecom:124%4034%241@ms.my.domain.com:587" #notify: # urls: # - "discord://token@webhookid" # - "telegram://token@telegram?channels=channel-1[,channel-2,...]" # # For topic-based groups, append thread ID with colon: channels=chat_id:thread_id # # Example: telegram://token@telegram?channels=-123456789:12345 # - "pushover://shoutrrr:apiToken@userKey/?priority=1&devices=device1[,device2, ...]" # - "slack://[botname@]token-a/token-b/token-c" # - "smtp://username:password@host:port/?fromAddress=fromAddress&toAddresses=recipient1[,recipient2,...]" # - "teams://token-a/token-b/token-c" # - "gotify://gotify-host/token" # - "pushbullet://api-token[/device/#channel/email]" # - "ifttt://key/?events=event1[,event2,...]&value1=value1&value2=value2&value3=value3" # - "mattermost://[username@]mattermost-host/token[/channel]" # - "ntfy://username:password@host:port/topic" # - "hangouts://chat.googleapis.com/v1/spaces/FOO/messages?key=bar&token=baz" # - "zulip://bot-mail:bot-key@zulip-domain/?stream=name-or-id&topic=name" # - "join://shoutrrr:api-key@join/?devices=device1[,device2, ...][&icon=icon][&title=title]" # - "script:///file/path/on/disk" # - "https://www.example.com/path" ###################################################################### # Collector Monitoring (Missed Ping Detection) # # Scrutiny can monitor for missed collector pings and send notifications # when a collector has not sent data within the expected time window. # This helps detect issues with collectors, networks, or cron jobs. # # These settings are configured via the Settings API, not this config file. # Use the /api/settings endpoint to configure: # # metrics.notify_on_missed_ping: false # Enable/disable feature # metrics.missed_ping_timeout_minutes: 60 # Minutes before alerting # metrics.missed_ping_check_interval_mins: 5 # How often to check # # Example API call to enable missed ping notifications: # curl -X POST http://localhost:8080/api/settings \ # -H "Content-Type: application/json" \ # -d '{"metrics": {"notify_on_missed_ping": true, "missed_ping_timeout_minutes": 60}}' ###################################################################### # Scheduled Reports [WIP] # # Scrutiny can generate and email periodic health reports summarizing # device status, temperature, alerts, and ZFS pool health. Reports are # sent via your configured notify.urls (HTML for SMTP, plain text for # other services like Discord, Slack, etc.). # # NOTE: This feature is a work in progress. It is functional and tested # but the UI and report content may change. Feedback is welcome! # # These settings are configured via the Settings API, not this config file. # Use the /api/settings endpoint to configure: # # metrics.report_enabled: false # Master toggle # metrics.report_daily_enabled: false # Enable daily reports # metrics.report_daily_time: "03:00" # Time to send (24h format) # metrics.report_weekly_enabled: false # Enable weekly reports # metrics.report_weekly_day: 1 # Day of week (0=Sun ... 6=Sat) # metrics.report_weekly_time: "03:00" # Time to send # metrics.report_monthly_enabled: false # Enable monthly reports # metrics.report_monthly_day: 1 # Day of month (1-28) # metrics.report_monthly_time: "03:00" # Time to send # metrics.report_pdf_enabled: false # Also save PDF to disk # metrics.report_pdf_path: "/opt/scrutiny/reports" # PDF output directory # # Example API call to enable daily reports at 7 AM: # curl -X POST http://localhost:8080/api/settings \ # -H "Content-Type: application/json" \ # -d '{"metrics": {"report_enabled": true, "report_daily_enabled": true, "report_daily_time": "07:00"}}' # # On-demand report generation: # curl -X POST 'http://localhost:8080/api/reports/generate?period=daily&test=true' ###################################################################### # Heartbeat Notifications (Periodic Health Check) # # Scrutiny can send periodic "all clear" heartbeat notifications to # confirm the monitoring system is running and all drives are healthy. # Useful for integration with uptime monitoring tools like Uptime Kuma. # # Heartbeat notifications are only sent when ALL monitored drives are # healthy. If any drive has failures, the heartbeat is suppressed # (failure notifications take priority). # # These settings are configured via the Settings API, not this config file. # Use the /api/settings endpoint to configure: # # metrics.heartbeat_enabled: false # Enable/disable feature # metrics.heartbeat_interval_hours: 24 # Hours between heartbeats # # Example API call to enable daily heartbeat notifications: # curl -X POST http://localhost:8080/api/settings \ # -H "Content-Type: application/json" \ # -d '{"metrics": {"heartbeat_enabled": true, "heartbeat_interval_hours": 24}}' ######################################################################################################################## # FEATURES COMING SOON # # The following commented out sections are a preview of additional configuration options that will be available soon. # ######################################################################################################################## #limits: # ata: # critical: # error: 10 # standard: # error: 20 # warn: 10 # scsi: # critical: true # standard: true # nvme: # critical: true # standard: true