Do not put power in the media script
A Zabbix media script should send the signal. It should not receive broad SSH keys, cloud admin tokens, or production sudo access. Keep action credentials in the Nerve agent environment, separated from the sender DSN.
Media script payload
#!/usr/bin/env sh
set -eu
export NERVE_DSN="nerve://TOKEN:[email protected]"
# $1 is sent as the first line; $2, $3 and $4 fill host, severity and event.
printf '%s\nhost=%s\nseverity=%s\nevent=%s\n' \
  "$1" "$2" "$3" "$4" | nerve send --severity alert
Recommended action classes
- Read-only diagnostics: service status, disk usage, recent logs.
- Single-service restart for known transient failures.
- Cache cleanup for documented safe paths.
- Rollback wrapper for one service and one environment.
Severity mapping
Map Zabbix severities to notification urgency, not to automatic power.
case "$TRIGGER_SEVERITY" in
  Disaster|High) SEVERITY="critical" ;;
  Average)       SEVERITY="alert" ;;
  *)             SEVERITY="standard" ;;
esac
Event tags as routing hints
Use Zabbix tags to decide what context to include, not to grant new capabilities. Tags such as service=api, env=prod, and runbook=restart-api can help the phone message point to the right action, while the agent still enforces the final allowlist.
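The sketch below is an added example, not code from Nerve or from this page's author. It applies the severity mapping and passes only the three hint tags through, replacing line breaks and unexpected characters so a trigger name or tag value cannot forge an extra `runbook=` line in the message. It assumes tags arrive as a fifth argument of comma-separated `key=value` pairs and that `nerve send --severity` accepts the mapped values; all function names are hypothetical.

```shell
#!/usr/bin/env sh
# Added example: hypothetical helpers for a Zabbix media script.
set -eu

# Map a Zabbix severity name to notification urgency (mapping from this page).
map_severity() {
  case "$1" in
    Disaster|High) echo critical ;;
    Average)       echo alert ;;
    *)             echo standard ;;
  esac
}

# Replace every character outside a small safe set, newlines included,
# so one field can never spill into a second "key=value" line.
clean() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9._:/ -' '_'
}

# Emit only the known hint tags from a "k=v,k=v" string (assumed format).
# Unknown keys are dropped: tags add context, they never add capabilities.
tag_hints() {
  old_ifs=$IFS; IFS=,; set -f
  for pair in $1; do
    case "$pair" in *=*) ;; *) continue ;; esac
    key=$(clean "${pair%%=*}" | tr -d ' ')
    case "$key" in
      service|env|runbook) printf '%s=%s\n' "$key" "$(clean "${pair#*=}")" ;;
    esac
  done
  IFS=$old_ifs; set +f
}

# Assemble the message body: first line, fixed fields, then filtered hints.
build_message() {
  printf '%s\nhost=%s\nseverity=%s\nevent=%s\n' \
    "$(clean "$1")" "$(clean "$2")" "$(clean "$3")" "$(clean "$4")"
  tag_hints "${5:-}"
}

# Last line of a real media script would be: send_signal "$@"
send_signal() {
  build_message "$@" | nerve send --severity "$(map_severity "$3")"
}
```

The agent-side allowlist still decides what `runbook=restart-api` is allowed to do; this filter only keeps the message honest about what Zabbix reported.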
Actions that should stay manual
Database failover, deleting files outside a cache directory, changing firewall rules, and restarting a whole cluster should stay outside mobile one-tap actions until the procedure is proven and rehearsed.
Recovery messages matter
Send recovery signals for high-severity triggers. They prevent stale mental state: the person who saw the incident should also see when the trigger returns to normal.