Recurring Tasks
Maintenance tasks that should be performed on a regular schedule.
Weekly
| Task |
Command |
What to check |
| Review Grafana alerts |
Grafana UI → Alerting |
Any firing or silenced alerts that need attention |
| Check backup integrity |
ls -lh /opt/docker/backups/daily/ |
Recent backup exists, reasonable file size |
| Review container health |
docker ps -a |
No containers in Exited or Restarting state |
Monthly
| Task |
Command |
What to check |
| Disk usage audit |
df -h / && docker system df |
Disk usage below 70%, prune if needed |
| Review Docker images |
docker image ls |
Remove unused images |
| Check SSL cert expiry |
Grafana → blackbox SSL panel |
All certs renewing properly (> 30 days remaining) |
| Review fail2ban |
sudo fail2ban-client status |
Active jails, recent bans |
| PostgreSQL vacuum |
Check postgresql Grafana dashboard |
Dead tuple count, last autovacuum time |
Quarterly
| Task |
Command |
What to check |
| Full disaster recovery test |
make -f /opt/docker/aether/repo/Makefile (see DR doc) |
Can restore from backup on clean server |
| Review monitoring thresholds |
monitoring/prometheus/alerts/ |
Thresholds still appropriate for current load |
| Security updates |
sudo apt update && sudo apt list --upgradable |
Apply OS security patches |
| Review Docker Compose versions |
docker-compose.yml files |
Upgrade images to latest stable |
| Rotate secrets |
make encrypt after changing passwords |
All secrets updated and encrypted |
Annual
| Task |
What to check |
| Review server sizing |
Current vs. projected resource needs |
| SSL certificate authority |
Certbot / Let's Encrypt still appropriate |
| Backup retention policy |
Current retention meets compliance needs |
| Access audit |
Remove stale user accounts, review SSH keys |