audit(gremlin): beszel FAIL 2026-04-03

Netgrimoire/Audits/beszel-2026-04-03.md

@@ -0,0 +1,44 @@
+---
+title: Audit - beszel.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T02:38:47.782Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T02:38:47.782Z
+---
+
+# Audit Report — beszel.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/beszel.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+1. **Homepage labels:** All homepage labels are present.
+   - `homepage.group=Monitoring`
+   - `homepage.name=Beszel`
+   - `homepage.icon=beszel.png`
+   - `homepage.href=https://beszel.netgrimoire.com`
+   - `homepage.description=Beszel Service`
+
+2. **Uptime Kuma labels:** The Uptime Kuma labels are not provided in the deploy block; they should be checked within the service's configuration.
+
+3. **Caddy labels on exposed services:**
+   - `caddy=beszel.netgrimoire.com`
+   - `caddy.import=authentik`
+   - `caddy.reverse_proxy="{{upstreams 8090}}"`
+
+4. **Placement constraints:** The constraint is based on the node label, not the node hostname.
+   - Current: `constraints: ["node.labels.general == true"]`
+   - Fix: Update to use `node.hostname` if necessary.
+
+5. **Volumes use /DockerVol/<service> path convention:**
+   - Volume path: `/data/nfs/znas/Docker/beszel:/beszel_data`
+   - Fix: The volume does not follow the `/DockerVol/<service>` pattern; update to use a standard Docker volume path like `/DockerVol/beszel`.
+
+6. **Network references external netgrimoire overlay:** The network is correctly referenced as `netgrimoire`, which is an external overlay.
+
+**VERDICT: FAIL**