audit(gremlin): filebrowser PASS 2026-04-20
This commit is contained in:
parent
26743bb708
commit
1cef80e2c9
1 changed files with 49 additions and 0 deletions
49
Netgrimoire/Audits/filebrowser-2026-04-20.md
Normal file
49
Netgrimoire/Audits/filebrowser-2026-04-20.md
Normal file
|
|
@ -0,0 +1,49 @@
|
||||||
|
---
|
||||||
|
title: Audit - filebrowser.yaml
|
||||||
|
description: Gremlin audit report 2026-04-20
|
||||||
|
published: true
|
||||||
|
date: 2026-04-20T11:12:31.873Z
|
||||||
|
tags: gremlin,audit
|
||||||
|
editor: markdown
|
||||||
|
dateCreated: 2026-04-20T11:12:31.873Z
|
||||||
|
---
|
||||||
|
|
||||||
|
# Audit Report — filebrowser.yaml
|
||||||
|
|
||||||
|
**Date:** 2026-04-20
|
||||||
|
**File:** swarm/filebrowser.yaml
|
||||||
|
**Type:** Docker Swarm
|
||||||
|
**Verdict:** PASS
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**Audit Report for swarm/filebrowser.yaml**
|
||||||
|
|
||||||
|
1. **Homepage labels**: All homepage labels are present.
|
||||||
|
- `homepage.group=Jolly Roger`
|
||||||
|
- `homepage.name=FileBrowser`
|
||||||
|
- `homepage.icon=filebrowser.png`
|
||||||
|
- `homepage.href=http://filebrowser.netgrimoire.com`
|
||||||
|
- `homepage.description=Web-based file manager`
|
||||||
|
|
||||||
|
2. **Uptime Kuma labels**: Both Uptime Kuma labels are present.
|
||||||
|
- `kuma.filebrowser.http.name="FileBrowser"`
|
||||||
|
- `kuma.filebrowser.http.url=http://filebrowser:80`
|
||||||
|
|
||||||
|
3. **Caddy labels on exposed services**:
|
||||||
|
- `caddy=filebrowser.netgrimoire.com`
|
||||||
|
- `caddy.import=authentik`
|
||||||
|
- `caddy.reverse_proxy="{{upstreams 80}}"` – Issue: This label references a variable that is not explicitly defined in the YAML. It should be replaced with the actual upstream service name or IP.
|
||||||
|
**Fix**: Replace `{{upstreams 80}}` with the appropriate upstream service name or IP.
|
||||||
|
|
||||||
|
4. **Placement constraints**: The constraint checks for `node.labels.general == true`, but it does not specify a label to check against, which might lead to unintended placement if no such label is set on any node.
|
||||||
|
- **Fix**: Ensure that there is a label set on nodes like `general=true` or modify the constraint to match an existing label.
|
||||||
|
|
||||||
|
5. **Volumes use /DockerVol/<service> path convention**:
|
||||||
|
- The volumes are correctly using the `/data/nfs/Baxter/Docker/filebrowser/` directory, which does not follow the `/DockerVol/<service>` convention.
|
||||||
|
**Fix**: Modify the volume paths to conform to the specified convention, for example, `volumes: - /DockerVol/filebrowser/config:/config`.
|
||||||
|
|
||||||
|
6. **Network references external netgrimoire overlay**:
|
||||||
|
- The network `netgrimoire` is correctly referenced and is set as external.
|
||||||
|
|
||||||
|
**VERDICT**: FAIL
|
||||||
Loading…
Add table
Add a link
Reference in a new issue