audit(gremlin): phpipam FAIL 2026-04-20

Netgrimoire/Audits/phpipam-2026-04-20.md

@@ -0,0 +1,47 @@
+---
+title: Audit - phpipam.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:30:39.255Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:30:39.255Z
+---
+
+# Audit Report — phpipam.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/phpipam.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**Audit Results:**
+
+1. **Homepage labels:** All required homepage labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present and configured correctly.
+   - `phpipam-web`:
+     - `homepage.group`: Management
+     - `homepage.name`: phpIPAM
+     - `homepage.icon`: ipam.png
+     - `homepage.href`: http://ipam.netgrimoire.com
+     - `homepage.description`: IP Address Management
+
+2. **Caddy labels on exposed services:** The Caddy label (`caddy=ipam.netgrimoire.com`) is present, but there is no corresponding reverse proxy configuration. Fix: Add a `caddy.reverse_proxy` label to the service.
+   - `phpipam-web`: Missing `caddy.reverse_proxy`.
+
+3. **Placement constraints:** All services are constrained to run on `docker3`.
+   - `phpipam-web`
+   - `phpipam-cron`
+   - `phpipam-mariadb`
+
+4. **Volumes use /DockerVol/<service> path convention:** Volumes follow the expected `/DockerVol/<service>` path convention.
+   - `/DockerVol/phpipam/phpipam-logo:/phpipam/css/images/logo`
+   - `/DockerVol/phpipam/mariadb:/var/lib/mysql`
+
+5. **Network references external netgrimoire overlay:** The `netgrimoire` network is correctly referenced as an external network.
+   - `networks: - netgrimoire`
+
+**Verdict: FAIL**
+
+The Caddy label for the exposed service (`phpipam-web`) lacks a reverse proxy configuration, which is necessary for proper functioning.