audit(gremlin): scanopy PASS 2026-04-27

Netgrimoire/Audits/scanopy-2026-04-27.md

@@ -0,0 +1,51 @@
+---
+title: Audit - scanopy.yaml
+description: Gremlin audit report 2026-04-27
+published: true
+date: 2026-04-27T11:35:01.637Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-27T11:35:01.637Z
+---
+
+# Audit Report — scanopy.yaml
+
+**Date:** 2026-04-27  
+**File:** swarm/scanopy.yaml  
+**Type:** Docker Swarm  
+**Verdict:** PASS
+
+---
+
+**SWARM AUDIT**
+
+1. **Homepage labels**: All homepage labels are correctly set.
+   - `homepage.group: "Monitoring"`
+   - `homepage.name: "Scanopy"`
+   - `homepage.icon: "scanopy.png"`
+   - `homepage.href: "https://scan.netgrimoire.com"`
+   - `homepage.description: "Network discovery & topology"`
+
+2. **Uptime Kuma labels**: The kuma labels are correctly set to refer to the Scanopy service.
+   - `kuma.scanopy.http.name: "Scanopy"`
+   - `kuma.scanopy.http.url: "http://server:60072"`
+
+3. **Caddy labels on exposed services**:
+   - The Caddy label for the server service is correctly set to forward traffic to Scanopy.
+     - `caddy: "scn.netgrimoire.com"`
+     - `caddy.import: "authentik"`
+     - `caddy.reverse_proxy: "{{upstreams 60072}}"`
+
+4. **Placement constraints**: All services are constrained to run on the node with hostname `docker4`.
+   - `placement.constraints: - node.hostname == docker4`
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - Volumes for all services follow the `/DockerVol/<service>` path convention.
+     - `postgres`: `/DockerVol/scanopy/postgres`
+     - `server`: `/DockerVol/scanopy/server-data`
+     - `daemon`: `/DockerVol/scanopy/daemon-config`
+
+6. **Network references external netgrimoire overlay**:
+   - All services reference the external network `netgrimoire`.
+
+**VERDICT: PASS**