traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

audit(gremlin): tmm FAIL 2026-04-27

Browse source
This commit is contained in:
traveler 2026-04-27 06:37:38 -05:00
parent a98d4d7757
commit 6d8c4151cc
1 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

63
Netgrimoire/Audits/tmm-2026-04-27.md Normal file
View file

@ -0,0 +1,63 @@
---
title: Audit - tmm.yaml
description: Gremlin audit report 2026-04-27
published: true
date: 2026-04-27T11:37:37.987Z
tags: gremlin,audit
editor: markdown
dateCreated: 2026-04-27T11:37:37.987Z
---
# Audit Report — tmm.yaml
**Date:** 2026-04-27
**File:** swarm/tmm.yaml
**Type:** Docker Swarm
**Verdict:** FAIL
---
**SWARM AUDIT CHECKS**
1. **Homepage labels**: All homepage labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present and correctly formatted.
- PASS
2. **Uptime Kuma labels**: The kuma labels (`kuma.app.http.name`, `kuma.app.http.url`) are present but the label keys are not formatted according to the convention provided (e.g., `kuma.<n>.http.name` should be `kuma.service1.http.name`).
- FAIL
- **Fix**: Update kuma labels to use a sequential naming convention, e.g.:
```yaml
kuma.service1.http.name: "Tiny Media Manager"
kuma.service1.http.url: "http://tinymediamanager_service:4000"
```
3. **Caddy labels on exposed services**: The caddy labels (`caddy=<domain>`, `caddy.reverse_proxy`) are present but the domain should be updated to use the correct subdomain.
- FAIL
- **Fix**: Update the Caddy configuration with a valid domain:
```yaml
caddy: "tmm.netgrimoire.com"
caddy.import: "authentik"
caddy.reverse_proxy: "tinymediamanager_service:4000"
```
4. **Placement constraints**: There are no placement constraints defined in the `deploy` block.
- FAIL
- **Fix**: Add a placement constraint to specify where the service should run, e.g.:
```yaml
deploy:
placement:
constraints: [node.hostname == "your-node-hostname"]
```
5. **Volumes use `/DockerVol/<service>` path convention**: The volumes are currently specified as `/data/nfs/Baxter/Docker/tinymediamanager:/config:rw` and `/data/nfs/Baxter:/media:rw`, which do not follow the `/DockerVol/<service>` convention.
- FAIL
- **Fix**: Update the volume paths to use the `/DockerVol/<service>` convention, e.g.:
```yaml
volumes:
- /DockerVol/tinymediamanager/config:/config:rw
- /DockerVol/tinymediamanager/media:/media:rw
```
6. **Network references external `netgrimoire` overlay**: The network is correctly referenced as `netgrimoire`.
- PASS
**VERDICT: FAIL**