From 171ce6b9a257207b1f8336f352afafe41e16abd5 Mon Sep 17 00:00:00 2001 From: traveler Date: Thu, 2 Apr 2026 21:36:24 -0500 Subject: [PATCH] audit(gremlin): authentik FAIL 2026-04-03 --- Netgrimoire/Audits/authentik-2026-04-03.md | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 Netgrimoire/Audits/authentik-2026-04-03.md diff --git a/Netgrimoire/Audits/authentik-2026-04-03.md b/Netgrimoire/Audits/authentik-2026-04-03.md new file mode 100644 index 0000000..2e58d14 --- /dev/null +++ b/Netgrimoire/Audits/authentik-2026-04-03.md 
@@ -0,0 +1,48 @@ +--- +title: Audit - authentik.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:36:24.241Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:36:24.241Z +--- + +# Audit Report — authentik.yaml + +**Date:** 2026-04-03 +**File:** swarm/authentik.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels** + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels** + - No Uptime Kuma service found, hence no labels to check. + +3. **Caddy labels on exposed services** + - `caddy=auth.netgrimoire.com` and `caddy.reverse_proxy="{{upstreams 9000}}"`: PASS + +4. **Placement constraints** + - `node.hostname == znas`: PASS for all services + +5. **Volumes use /DockerVol/ path convention** + - `/DockerVol/Authentik/Postgres`, `/DockerVol/Authentik/redis`, `/DockerVol/Authentik/media`, `/DockerVol/Authentik/custom-templates`: PASS + - `/var/run/docker.sock` for `worker` service: FAIL + +6. **Network references external netgrimoire overlay** + - `netgrimoire` network is referenced by both `authentik` and `worker` services, and it is set to `external: true`: PASS + +**Fixes Required** +- Update the `worker` service volume `/var/run/docker.sock:/var/run/docker.sock` to match the convention by using a Docker volume or bind mount with `/DockerVol/Authentik/docker.sock`. + +**VERDICT: FAIL** \ No newline at end of file
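Review bot: In section 5 and "Fixes Required", the `/var/run/docker.sock` mount on `worker` is failed purely as a path-convention violation, and the proposed fix of remapping it to `/DockerVol/Authentik/docker.sock` would not work. The Docker daemon creates its socket at `/var/run/docker.sock` by default, so a bind mount sourced from under `/DockerVol/` would point at a path with no listening socket and break whatever the worker uses it for. I'd suggest exempting host sockets from the `/DockerVol/` check and reporting this mount as its own privileged-access finding instead, since a container holding the Docker socket can control the daemon on `znas`. The remediation to recommend is removing the mount if the worker does not need it, or putting a restricted socket proxy in front of it. Separately, section 2 records neither PASS nor FAIL for Uptime Kuma, so it is unclear whether the missing labels count toward the verdict; an explicit N/A or FAIL would make the report unambiguous.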