From 770bfe98061cbb55dcdf28a49cbbc3b2e55b0977 Mon Sep 17 00:00:00 2001
From: Pim van Pelt <pim@ipng.ch>
Date: Tue, 24 Mar 2026 20:37:29 +0100
Subject: [PATCH] Add a systemd unit file + default with flags

---
 README.md                     | 29 +++++++++++++++++++++++++++++
 ctlog-uptime-exporter.default |  9 +++++++++
 ctlog-uptime-exporter.service | 20 ++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 ctlog-uptime-exporter.default
 create mode 100644 ctlog-uptime-exporter.service

diff --git a/README.md b/README.md
index 6934070..2c86517 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,35 @@ scrape_configs:
       - targets: ['localhost:9781']
 ```
 
+## systemd
+
+A unit file and defaults file are included.
+
+```sh
+# install binary
+go build -o /usr/local/bin/ctlog-uptime-exporter .
+
+# install defaults (edit to taste)
+cp ctlog-uptime-exporter.default /etc/default/ctlog-uptime-exporter
+
+# install and start the service
+cp ctlog-uptime-exporter.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable --now ctlog-uptime-exporter
+```
+
+Runtime flags are controlled via the `ARGS` variable in `/etc/default/ctlog-uptime-exporter`.
+
+## Grafana dashboard
+
+`dashboard.json` can be imported directly into Grafana (Dashboards -> Import).
+It expects a Prometheus datasource and provides:
+
+- Summary stats: number of logs, endpoint types, average uptime, degraded count, fetch status, last fetch time
+- Variable selectors for Log URL and Endpoint (both multi-select with All)
+- Time series panel showing the rolling 24h uptime ratio over the chosen time range
+- Table of the top N least-available log/endpoint pairs (N is selectable: 5, 10, 25, 50)
+
 ## License
 
 Apache 2.0 - see [LICENSE](LICENSE).
diff --git a/ctlog-uptime-exporter.default b/ctlog-uptime-exporter.default
new file mode 100644
index 0000000..f78d28f
--- /dev/null
+++ b/ctlog-uptime-exporter.default
@@ -0,0 +1,9 @@
+# Command-line arguments for ctlog-uptime-exporter.
+# Install this file as /etc/default/ctlog-uptime-exporter.
+#
+# -listen    address to listen on               (default: :9781)
+# -url       URL of the uptime CSV              (default: https://www.gstatic.com/ct/compliance/endpoint_uptime_24h.csv)
+# -interval  how often to fetch the CSV         (default: 12h)
+# -jitter    maximum +/-jitter on the interval  (default: 5m)
+
+ARGS='-listen :9781 -url https://www.gstatic.com/ct/compliance/endpoint_uptime_24h.csv -interval 12h -jitter 5m'
diff --git a/ctlog-uptime-exporter.service b/ctlog-uptime-exporter.service
new file mode 100644
index 0000000..4ed419d
--- /dev/null
+++ b/ctlog-uptime-exporter.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=CT Log Uptime Prometheus Exporter
+Documentation=https://git.ipng.ch/certificate-transparency/ctlog-uptime-exporter
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+EnvironmentFile=/etc/default/ctlog-uptime-exporter
+ExecStart=/usr/local/bin/ctlog-uptime-exporter $ARGS
+Restart=on-failure
+RestartSec=5s
+DynamicUser=yes
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+CapabilityBoundingSet=
+
+[Install]
+WantedBy=multi-user.target