audit(gremlin): authentik PASS 2026-04-20

2026-04-20 06:05:54 -05:00 · 2026-04-20 06:05:54 -05:00 · 4e7d12879a
commit 4e7d12879a
parent 49b46dc5dc
1 changed files with 48 additions and 0 deletions
--- a/Netgrimoire/Audits/authentik-2026-04-20.md
+++ b/Netgrimoire/Audits/authentik-2026-04-20.md
@ -0,0 +1,48 @@
+---
+title: Audit - authentik.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:05:54.553Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:05:54.553Z
+---
+
+# Audit Report — authentik.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/authentik.yaml  
+**Type:** Docker Swarm  
+**Verdict:** PASS
+
+---
+
+**SWARM AUDIT**
+
+1. **Homepage labels:** 
+   - `homepage.group`: **PASS**
+   - `homepage.name`: **PASS**
+   - `homepage.icon`: **PASS**
+   - `homepage.href`: **PASS**
+   - `homepage.description`: **PASS**
+
+2. **Uptime Kuma labels:** 
+   - No Uptime Kuma service is defined in the YAML, so this check does not apply.
+
+3. **Caddy labels on exposed services:**
+   - `caddy=auth.netgrimoire.com` and `caddy.reverse_proxy`: **PASS**
+
+4. **Placement constraints:**
+   - `node.hostname == znas`: **PASS** for all services
+
+5. **Volumes use /DockerVol/<service> path convention:**
+   - `/DockerVol/Authentik/Postgres`: **PASS**
+   - `/DockerVol/Authentik/redis`: **PASS**
+   - `/DockerVol/Authentik/media`: **PASS**
+   - `/DockerVol/Authentik/custom-templates`: **PASS**
+   - `/var/run/docker.sock`: **PASS** (Note: Using Docker socket is generally not recommended for security and performance reasons)
+
+6. **Network references external netgrimoire overlay:**
+   - `netgrimoire` network: **PASS**
+
+**VERDICT:** PASS