Oneclick AI Squad This workflow corresponds to n8n.io template #5406 — we link there as the canonical source.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": "4Y5VQwUUo7uqPPL1",
"meta": {
"templateCredsSetupCompleted": true
},
"name": "Auto Disk Cleanup via Email Alert \u2013 Server Log Purge Workflow",
"tags": [],
"nodes": [
{
"id": "8c1aac94-9e6a-4b14-a177-3a00644ea232",
"name": "Check Disk Alert Emails\t",
"type": "n8n-nodes-base.emailReadImap",
"position": [
0,
0
],
"parameters": {
"options": {
"customEmailConfig": "[\"UNSEEN\", [\"SUBJECT\", \"disk\"]]"
}
},
"credentials": {
"imap": {
"name": "<your credential>"
}
},
"typeVersion": 2
},
{
"id": "025c2c15-f693-4b53-8433-4d641526d11a",
"name": "Extract Server IP from Email\t",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const subject = $input.first().json.subject;\n\nif (subject && (subject.toLowerCase().includes(\"disk-YOUR_OPENAI_KEY_HERE\") || subject.toLowerCase().includes(\"disk utilization\"))) {\n const ipMatch = subject.match(/(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):9100/);\n const server_ip = ipMatch ? ipMatch[1] : '';\n return [{ json: { server_ip } }];\n} else {\n // Stop workflow if subject doesn't match\n return [];\n}"
},
"typeVersion": 2
},
{
"id": "723c7067-fe88-4b8b-b1ff-38c9eb662641",
"name": "Prepare SSH Variables\t",
"type": "n8n-nodes-base.set",
"position": [
440,
0
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "49c16fb1-4b84-46a7-bb50-5e1fa7f59664",
"name": "pwd",
"type": "string",
"value": "password"
},
{
"id": "c16557bd-7ef6-4049-a634-a5b207a92fd6",
"name": "server_user",
"type": "string",
"value": "user"
},
{
"id": "fd8c4253-8ab2-4094-9a72-78ef782d89d3",
"name": "server_ip",
"type": "string",
"value": "={{ $input.first().json.server_ip }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "7ef2b2b6-5880-4fc1-93fa-b76c3c75effa",
"name": "Run Log Cleanup Commands via SSH\t",
"type": "n8n-nodes-base.ssh",
"position": [
660,
0
],
"parameters": {
"command": "=echo '{{ $json.pwd }}' | sudo -S su - jenkins -c \"ssh {{ $json.server_user }}@{{ $json.server_ip }} 'sudo rm -rf /var/log/*.gz && sudo rm -rf /var/log/*.1 && sudo rm -rf /var/log/nginx/*.log && sudo rm -rf /var/log/apache2/*.log && sudo journalctl --vacuum-size=200M && sudo apt-get clean && sudo apt-get autoclean && docker builder prune -af && docker system df && sudo apt-get autoremove -y'\""
},
"credentials": {
"sshPassword": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"id": "0935c618-237c-4630-9087-80b757a78a9c",
"name": "Sticky Note",
"type": "n8n-nodes-base.stickyNote",
"position": [
-20,
-140
],
"parameters": {
"width": 160,
"height": 300,
"content": "Triggers when an alert email about disk usage is received.\n"
},
"typeVersion": 1
},
{
"id": "d4efc5ab-9003-4d42-a49c-6ac4c376c9cb",
"name": "Sticky Note1",
"type": "n8n-nodes-base.stickyNote",
"position": [
180,
-140
],
"parameters": {
"color": 3,
"width": 170,
"height": 300,
"content": "Parses the email body to extract the target server's IP address.\n"
},
"typeVersion": 1
},
{
"id": "adf3341f-4319-40cc-bf97-8917a2bb5c44",
"name": "Sticky Note2",
"type": "n8n-nodes-base.stickyNote",
"position": [
400,
-140
],
"parameters": {
"color": 4,
"width": 170,
"height": 300,
"content": "Manually set or map credentials, paths, or other config values.\n"
},
"typeVersion": 1
},
{
"id": "4c933879-5907-4616-8902-42cfb2d73edc",
"name": "Sticky Note3",
"type": "n8n-nodes-base.stickyNote",
"position": [
620,
-140
],
"parameters": {
"color": 6,
"width": 170,
"height": 300,
"content": "Executes cleanup commands (Nginx, PM2, Docker, system logs).\n\n"
},
"typeVersion": 1
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "fbb7d480-4bbd-4240-9e95-459b563adba4",
"connections": {
"Prepare SSH Variables\t": {
"main": [
[
{
"node": "Run Log Cleanup Commands via SSH\t",
"type": "main",
"index": 0
}
]
]
},
"Check Disk Alert Emails\t": {
"main": [
[
{
"node": "Extract Server IP from Email\t",
"type": "main",
"index": 0
}
]
]
},
"Extract Server IP from Email\t": {
"main": [
[
{
"node": "Prepare SSH Variables\t",
"type": "main",
"index": 0
}
]
]
}
}
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
imapsshPassword
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
This n8n workflow monitors email alerts for disk utilization exceeding 80%, extracts the server IP, logs into the server, and purges logs from Nginx, PM2, Docker, and system files to clear disk space. Ensure email alerts are consistently formatted with server IP details. SSH…
Source: https://n8n.io/workflows/5406/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
If you are a postmaster or you manage email server, you can set up DKIM and SPF records to ensure that spoofing your email address is hard. On your domain you can also set up DMARC record to receive X
This workflow automates URL reporting to Spamhaus based on incoming spam/phishing sample emails. It watches one or more IMAP folders, extracts URLs from each email body, removes duplicates and common
Email. Uses emailReadImap, theHive, cortex. Manual trigger; 15 nodes.
With workflow, you analyze Email with TheHive/Cortex
This automated n8n workflow automates AWS S3 bucket and file operations (create, delete, upload, download, copy, list) by parsing simple email commands and sending back success or error confirmations.