audit(gremlin): authentik FAIL 2026-04-03

2026-04-02 21:36:24 -05:00 · 2026-04-02 21:36:24 -05:00 · 171ce6b9a2
commit 171ce6b9a2
parent 6f4d19284c
1 changed files with 48 additions and 0 deletions
--- a/Netgrimoire/Audits/authentik-2026-04-03.md
+++ b/Netgrimoire/Audits/authentik-2026-04-03.md
@ -0,0 +1,48 @@
+---
+title: Audit - authentik.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T02:36:24.241Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T02:36:24.241Z
+---
+
+# Audit Report — authentik.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/authentik.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT REPORT**
+
+1. **Homepage labels**
+   - `homepage.group`: PASS
+   - `homepage.name`: PASS
+   - `homepage.icon`: PASS
+   - `homepage.href`: PASS
+   - `homepage.description`: PASS
+
+2. **Uptime Kuma labels**
+   - No Uptime Kuma service found, hence no labels to check.
+
+3. **Caddy labels on exposed services**
+   - `caddy=auth.netgrimoire.com` and `caddy.reverse_proxy="{{upstreams 9000}}"`: PASS
+
+4. **Placement constraints**
+   - `node.hostname == znas`: PASS for all services
+
+5. **Volumes use /DockerVol/<service> path convention**
+   - `/DockerVol/Authentik/Postgres`, `/DockerVol/Authentik/redis`, `/DockerVol/Authentik/media`, `/DockerVol/Authentik/custom-templates`: PASS
+   - `/var/run/docker.sock` for `worker` service: FAIL
+
+6. **Network references external netgrimoire overlay**
+   - `netgrimoire` network is referenced by both `authentik` and `worker` services, and it is set to `external: true`: PASS
+
+**Fixes Required**
+- Update the `worker` service volume `/var/run/docker.sock:/var/run/docker.sock` to match the convention by using a Docker volume or bind mount with `/DockerVol/Authentik/docker.sock`.
+
+**VERDICT: FAIL**