audit(gremlin): kopia FAIL 2026-04-13

Netgrimoire/Audits/kopia-2026-04-13.md

@@ -0,0 +1,51 @@
+---
+title: Audit - kopia.yaml
+description: Gremlin audit report 2026-04-13
+published: true
+date: 2026-04-13T11:18:58.127Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-13T11:18:58.127Z
+---
+
+# Audit Report — kopia.yaml
+
+**Date:** 2026-04-13  
+**File:** swarm/kopia.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+1. **Homepage labels**:
+   - PASS: `homepage.group` is set to "Backup"
+   - PASS: `homepage.name` is set to "Kopia"
+   - PASS: `homepage.icon` follows the convention (e.g., "kopia.png")
+   - PASS: `homepage.href` is set to "https://kopia.netgrimoire.com"
+   - PASS: `homepage.description` is provided
+
+2. **Uptime Kuma labels**:
+   - PASS: `kuma.kopia.http.name` is set to "Kopia"
+   - PASS: `kuma.kopia.http.url` is set to "https://kopia.netgrimoire.com"
+
+3. **Caddy labels on exposed services**:
+   - FAIL: Caddy labels are commented out (`# caddy=...`), and the import statements seem redundant with environment variables.
+   - Fix: Uncomment the Caddy labels and ensure they are correctly formatted. For example:
+     ```yaml
+     # --- Caddy ---
+     caddy: kopia.netgrimoire.com
+     caddy.reverse_proxy: kopia:51515
+     ```
+
+4. **Placement constraints**:
+   - PASS: `node.hostname` is set to "znas"
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - PASS: All volumes follow the convention (e.g., `/DockerVol/kopia/config:/app/config`, etc.)
+
+6. **Network references external netgrimoire overlay**:
+   - PASS: The network `netgrimoire` is referenced as an external network
+
+**VERDICT: FAIL**
+
+The Caddy labels are commented out, which prevents the service from being accessible via Caddy server. Uncomment and properly configure these labels to meet the requirements.