audit(gremlin): vault FAIL 2026-04-03
parent d56113c03e
commit 4bc6fc4286
1 changed files with 62 additions and 0 deletions
Netgrimoire/Audits/vault-2026-04-03.md
@ -0,0 +1,62 @@
---
title: Audit - vault.yaml
description: Gremlin audit report 2026-04-03
published: true
date: 2026-04-03T03:21:32.070Z
tags: gremlin,audit
editor: markdown
dateCreated: 2026-04-03T03:21:32.070Z
---
# Audit Report — vault.yaml
**Date:** 2026-04-03
**File:** swarm/vault.yaml
**Type:** Docker Swarm
**Verdict:** FAIL
---
1. **Homepage labels**:
- `homepage.group`: "Backup"
- `homepage.name`: "Vault"
- `homepage.icon`: "kopia.png"
- `homepage.href`: "https://vault.netgrimoire.com"
- `homepage.description`: "Snapshot backup and deduplication"
**PASS**: All homepage labels are correctly defined.
2. **Uptime Kuma labels**:
- `kuma.kopia.http.name`: "Kopia Web"
- `kuma.kopia.http.url`: "http://vault:51515"
**PASS**: Uptime Kuma labels are correctly defined.
3. **Caddy labels on exposed services**:
- `caddy: vault.netgrimoire.com`
- `caddy.reverse_proxy: "https://kopia-server-vault:51516"`
**FAIL**: The `caddy.reverse_proxy` label is incorrectly configured. It should point to the correct service, likely "vault" instead of "kopia-server-vault".
4. **Placement constraints**:
- `node.hostname == znas`
**PASS**: Placement constraint correctly targets a specific node.
5. **Volumes use /DockerVol/<service> path convention**:
- `/DockerVol/vault/config:/app/config`
- `/DockerVol/vault/cache:/app/cache`
- `/DockerVol/vault/cert:/app/cert`
- `/srv/vault/backup/repository:/vault`
- `/DockerVol/vault/logs:/app/logs`
**FAIL**: Volume paths do not follow the `/DockerVol/<service>` convention. The volume path for the backup repository should be `/DockerVol/vault/backup/repository`.
6. **Network references external netgrimoire overlay**:
- `netgrimoire`: External
**PASS**: Network reference is correctly set to an external network.
**VERDICT: FAIL**
The configuration contains issues that need to be addressed for the infrastructure to meet the specified standards and function correctly.
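Review bot: check 3 fails `caddy.reverse_proxy` on a guess (the finding says the target is "likely" `vault` rather than `kopia-server-vault`) and questions only the hostname, while check 2 passes `http://vault:51515` without comment, so the report never reconciles two upstreams that differ in host, scheme and port (`https://kopia-server-vault:51516` versus `http://vault:51515`). Suggest the finding name the service actually declared in swarm/vault.yaml and state which scheme and port Caddy should proxy to, so the fix is not left to interpretation. In check 5 the FAIL text says the volume paths do not follow the `/DockerVol/<service>` convention, but four of the five listed mounts do; name `/srv/vault/backup/repository:/vault` as the single offender. The closing paragraph after the verdict would be more useful as a list of the two failed checks with the change each one requires.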