audit(gremlin): caddy-1 FAIL 2026-04-20

Netgrimoire/Audits/caddy-1-2026-04-20.md

@@ -0,0 +1,45 @@
+---
+title: Audit - caddy-1.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:47:22.141Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:47:22.141Z
+---
+
+# Audit Report — caddy-1.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/stack/caddy/caddy-1.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT - Caddy-1.yaml**
+
+1. **Homepage labels**: Homepage labels are missing from the file.
+   - **Fix**: Add homepage.labels with required keys.
+
+2. **Uptime Kuma labels**: Uptime Kuma labels are not present in the file.
+   - **Fix**: If you intend to use Uptime Kuma, add corresponding labels as specified.
+
+3. **Caddy labels on exposed services**:
+   - The service has `caddy` label set with a value of `domain`, which should be replaced with an actual domain name.
+   - There is no `caddy.reverse_proxy` label specified.
+   - **Fix**: Replace `caddy=<domain>` with the actual domain name and add `caddy.reverse_proxy: "http://example.com"` if applicable.
+
+4. **Placement constraints**:
+   - The service has a placement constraint for node.hostname == znas, which is specific to your infrastructure.
+   - **Pass**: Ensure that `znas` is a valid node hostname in your Swarm setup.
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - Volumes are mounted at `/export/Docker/caddy` and other paths, not following the `/DockerVol/<service>` convention.
+   - **Fix**: Update volume mounts to follow the `/DockerVol/<service>` convention.
+
+6. **Network references external netgrimoire overlay**:
+   - The service correctly references the `netgrimoire` and `vpn` networks, which are marked as external.
+   - **Pass**: Ensure that these networks are properly set up in your Swarm environment.
+
+**VERDICT: FAIL**