From 6f4d19284ca58be80b07525083353c503b63a3af Mon Sep 17 00:00:00 2001
From: traveler <traveler@wasted-bandwidth.net>
Date: Thu, 2 Apr 2026 21:34:59 -0500
Subject: [PATCH] audit(gremlin): authelia FAIL 2026-04-03

---
 Netgrimoire/Audits/authelia-2026-04-03.md | 47 +++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 Netgrimoire/Audits/authelia-2026-04-03.md

diff --git a/Netgrimoire/Audits/authelia-2026-04-03.md b/Netgrimoire/Audits/authelia-2026-04-03.md
new file mode 100644
index 0000000..657c19b
--- /dev/null
+++ b/Netgrimoire/Audits/authelia-2026-04-03.md
@@ -0,0 +1,47 @@
+---
+title: Audit - authelia.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T02:34:59.760Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T02:34:59.760Z
+---
+
+# Audit Report — authelia.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/authelia.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**Homepage labels:**  
+- **PASS**: homepage.group=Management
+- **PASS**: homepage.name=Authelia
+- **PASS**: homepage.icon=authelia.png
+- **PASS**: homepage.href=https://login.wasted-bandwidth.net
+- **PASS**: homepage.description=SSO / Forward-Auth
+
+**Uptime Kuma labels:**  
+- **PASS**: kuma.authelia.http.name="Authelia"
+- **PASS**: kuma.authelia.http.url=http://authelia:9091
+
+**Caddy labels on exposed services:**  
+- **PASS**: caddy=login.wasted-bandwidth.net
+- **PASS**: caddy.reverse_proxy={{upstreams 9091}}
+
+**Placement constraints:**  
+- **FAIL**: Both 'authelia' and 'redis' are constrained to run on the node 'nas', but there is no guarantee that 'nas' will always be available. Consider using a more flexible constraint.
+- Fix: Change `constraints: - node.hostname == nas` to a more general placement strategy.
+
+**Volumes use /DockerVol/<service> path convention:**  
+- **PASS**: `/DockerVol/authelia/config:/config`
+- **PASS**: `/DockerVol/authelia/secrets:/secrets`
+- **PASS**: `/DockerVol/authelia/redis:/data`
+
+**Network references external netgrimoire overlay:**  
+- **PASS**: `networks: - netgrimoire`
+
+**VERDICT: FAIL**
\ No newline at end of file