From 6d8c4151cc65ac5bc94b53303f000400f383083e Mon Sep 17 00:00:00 2001
From: traveler <traveler@wasted-bandwidth.net>
Date: Mon, 27 Apr 2026 06:37:38 -0500
Subject: [PATCH] audit(gremlin): tmm FAIL 2026-04-27

---
 Netgrimoire/Audits/tmm-2026-04-27.md | 63 ++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 Netgrimoire/Audits/tmm-2026-04-27.md

diff --git a/Netgrimoire/Audits/tmm-2026-04-27.md b/Netgrimoire/Audits/tmm-2026-04-27.md
new file mode 100644
index 0000000..a4ac408
--- /dev/null
+++ b/Netgrimoire/Audits/tmm-2026-04-27.md
@@ -0,0 +1,63 @@
+---
+title: Audit - tmm.yaml
+description: Gremlin audit report 2026-04-27
+published: true
+date: 2026-04-27T11:37:37.987Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-27T11:37:37.987Z
+---
+
+# Audit Report — tmm.yaml
+
+**Date:** 2026-04-27  
+**File:** swarm/tmm.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT CHECKS**
+
+1. **Homepage labels**: All homepage labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present and correctly formatted.
+   - PASS
+
+2. **Uptime Kuma labels**: The kuma labels (`kuma.app.http.name`, `kuma.app.http.url`) are present but the label keys are not formatted according to the convention provided (e.g., `kuma.<n>.http.name` should be `kuma.service1.http.name`).
+   - FAIL
+     - **Fix**: Update kuma labels to use a sequential naming convention, e.g.:
+       ```yaml
+       kuma.service1.http.name: "Tiny Media Manager"
+       kuma.service1.http.url: "http://tinymediamanager_service:4000"
+       ```
+
+3. **Caddy labels on exposed services**: The caddy labels (`caddy=<domain>`, `caddy.reverse_proxy`) are present but the domain should be updated to use the correct subdomain.
+   - FAIL
+     - **Fix**: Update the Caddy configuration with a valid domain:
+       ```yaml
+       caddy: "tmm.netgrimoire.com"
+       caddy.import: "authentik"
+       caddy.reverse_proxy: "tinymediamanager_service:4000"
+       ```
+
+4. **Placement constraints**: There are no placement constraints defined in the `deploy` block.
+   - FAIL
+     - **Fix**: Add a placement constraint to specify where the service should run, e.g.:
+       ```yaml
+       deploy:
+         placement:
+           constraints: [node.hostname == "your-node-hostname"]
+       ```
+
+5. **Volumes use `/DockerVol/<service>` path convention**: The volumes are currently specified as `/data/nfs/Baxter/Docker/tinymediamanager:/config:rw` and `/data/nfs/Baxter:/media:rw`, which do not follow the `/DockerVol/<service>` convention.
+   - FAIL
+     - **Fix**: Update the volume paths to use the `/DockerVol/<service>` convention, e.g.:
+       ```yaml
+       volumes:
+         - /DockerVol/tinymediamanager/config:/config:rw
+         - /DockerVol/tinymediamanager/media:/media:rw
+       ```
+
+6. **Network references external `netgrimoire` overlay**: The network is correctly referenced as `netgrimoire`.
+   - PASS
+
+**VERDICT: FAIL**
\ No newline at end of file