audit(gremlin): kuma FAIL 2026-04-13

Netgrimoire/Audits/kuma-2026-04-13.md

@@ -0,0 +1,51 @@
+---
+title: Audit - kuma.yaml
+description: Gremlin audit report 2026-04-13
+published: true
+date: 2026-04-13T11:20:00.830Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-13T11:20:00.830Z
+---
+
+# Audit Report — kuma.yaml
+
+**Date:** 2026-04-13  
+**File:** swarm/kuma.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT**
+
+1. **Homepage labels:**
+   - `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are all present and correctly formatted.
+   - PASS
+
+2. **Uptime Kuma labels:**
+   - `kuma.kuma.http.name` and `kuma.kuma.http.url` are both present and correctly formatted.
+   - PASS
+
+3. **Caddy labels on exposed services:**
+   - The Caddy label `caddy=kuma.netgrimoire.com` is present for the `kuma` service, but it seems redundant since it's also a homepage label.
+   - The Caddy label `caddy.reverse_proxy=kuma:3001` is not present for any service. It should be added to ensure that Caddy correctly proxies requests to Kuma.
+   - FAIL: Missing `caddy.reverse_proxy=kuma:3001`
+
+4. **Placement constraints:**
+   - The constraint `- node.hostname == docker3` is present for the `kuma` service, ensuring it runs on the specified node.
+   - PASS
+
+5. **Volumes use /DockerVol/<service> path convention:**
+   - Both `kuma` and `autokuma` volumes follow the `/DockerVol/<service>` path convention.
+   - PASS
+
+6. **Network references external netgrimoire overlay:**
+   - The `netgrimoire` network is correctly referenced as an external network.
+   - PASS
+
+**VERDICT: FAIL**
+
+The audit identified one issue that needs to be addressed:
+
+- The Caddy label `caddy.reverse_proxy=kuma:3001` is missing for the `kuma` service, which prevents Caddy from properly proxying requests to Kuma.