Skip to content

Michael Roehr — Infrastructure Docs

Drift Detection

Drift Detection¶

Procedures for detecting when the actual state of infrastructure diverges from what's documented.

Monthly Drift Check Checklist¶

Docker / Services¶

docker ps -a — compare to Inventory
docker images — any images not in a compose file?
Check ~/stacks/ — any compose files not in inventory?
Any ad-hoc docker run containers running outside a stack?

docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}"

Networking¶

Pi-hole DNS records match Networking
NPM proxy hosts match documented services
Firewall rules (UFW / OCI / Azure NSG) — any undocumented rules?
WireGuard peers match documentation

sudo ufw status numbered
sudo wg show

Cloud Resources¶

Azure Cost Management — any resources not in Resource Groups?
OCI console — any instances, security rules, or volumes not documented?

Images & Updates¶

sudo apt list --upgradable 2>/dev/null | grep -i security
docker images --format "{{.Repository}}:{{.Tag}}"

Drift Correction Log¶

Date	Where Found	Description	Action Taken
YYYY-MM-DD	Docker inventory	Service not in inventory	Added to inventory.md