audit(gremlin): ntfy FAIL 2026-05-04

Netgrimoire/Audits/ntfy-2026-05-04.md

@@ -0,0 +1,51 @@
+---
+title: Audit - ntfy.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:29:38.605Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:29:38.605Z
+---
+
+# Audit Report — ntfy.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/ntfy.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+1. **Homepage labels**:
+   - `homepage.group`: Notify (PASS)
+   - `homepage.name`: ntfy (PASS)
+   - `homepage.icon`: ntfy.png (PASS)
+   - `homepage.href`: https://ntfy.netgrimoire.com (PASS)
+   - `homepage.description`: Push Notifications (PASS)
+
+2. **Uptime Kuma labels**:
+   - No Uptime Kuma labels are present in the file. This is a potential issue since it might affect monitoring and alerting.
+     - FIX: Add necessary Uptime Kuma labels to monitor the service.
+
+3. **Caddy labels on exposed services**:
+   - `caddy`: ntfy.netgrimoire.com (PASS)
+   - `caddy.reverse_proxy`: ntfy:80 (PASS)
+
+4. **Placement constraints**:
+   - Placement constraint uses node.platform.arch != aarch64 and node.platform.arch != arm (PASS)
+   - No specific hostname constraint is mentioned. This might limit the service to nodes that match these architectures.
+     - FIX: Consider adding `node.hostname` constraints if needed.
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - Volumes do not follow the /DockerVol/<service> path convention:
+     - `/data/nfs/znas/Docker/ntfy/cache:/var/cache/ntfy`
+     - `/data/nfs/znas/Docker/ntfy/etc:/etc/ntfy`
+     - FIX: Update volume paths to conform to the specified convention.
+
+6. **Network references external netgrimoire overlay**:
+   - Network `netgrimoire` is referenced and marked as external (PASS)
+
+**VERDICT: FAIL**
+
+Due to the presence of a non-compliant volume path, the audit fails. It's recommended to address this issue to ensure consistency and maintainability within the homelab infrastructure.