audit(gremlin): caddy FAIL 2026-05-04

Netgrimoire/Audits/caddy-2026-05-04.md

@@ -0,0 +1,45 @@
+---
+title: Audit - caddy.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:50:20.218Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:50:20.218Z
+---
+
+# Audit Report — caddy.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/stack/caddy/caddy.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+### SWARM AUDIT RESULTS
+
+1. **Homepage labels**:
+   - **FAIL**: No homepage labels are defined in the `caddy.yaml` file.
+     - **Fix**: Add homepage.labels with relevant keys and values.
+
+2. **Uptime Kuma labels**:
+   - **FAIL**: Uptime Kuma services are not referenced in this file.
+     - **Fix**: Include Uptime Kuma services and their respective labels if applicable.
+
+3. **Caddy labels on exposed services**:
+   - **PASS**: Caddy labels `caddy=<domain>` and `caddy.reverse_proxy` are used as intended.
+
+4. **Placement constraints**:
+   - **PASS**: Node hostname constraints (`node.hostname == znas`) are correctly defined for both the caddy and crowdsec services.
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - **FAIL**: Volumes do not follow the `/DockerVol/<service>` path convention.
+     - **Fix**: Update volume paths to follow the specified convention, e.g., `/DockerVol/caddy-logs`.
+
+6. **Network references external netgrimoire overlay**:
+   - **PASS**: The `netgrimoire` network is correctly referenced as an external network.
+
+### VERDICT: FAIL
+
+The audit revealed several issues that need to be addressed for the configuration to meet the specified requirements. Specifically, homepage and Uptime Kuma labels are missing, volume paths do not follow the convention, and it's recommended to update these aspects of the `caddy.yaml` file to ensure optimal compliance and functionality within your infrastructure.