audit(gremlin): authelia FAIL 2026-04-03

Netgrimoire/Audits/authelia-2026-04-03.md

@@ -0,0 +1,47 @@
+---
+title: Audit - authelia.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T02:34:59.760Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T02:34:59.760Z
+---
+
+# Audit Report — authelia.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/authelia.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**Homepage labels:**  
+- **PASS**: homepage.group=Management
+- **PASS**: homepage.name=Authelia
+- **PASS**: homepage.icon=authelia.png
+- **PASS**: homepage.href=https://login.wasted-bandwidth.net
+- **PASS**: homepage.description=SSO / Forward-Auth
+
+**Uptime Kuma labels:**  
+- **PASS**: kuma.authelia.http.name="Authelia"
+- **PASS**: kuma.authelia.http.url=http://authelia:9091
+
+**Caddy labels on exposed services:**  
+- **PASS**: caddy=login.wasted-bandwidth.net
+- **PASS**: caddy.reverse_proxy={{upstreams 9091}}
+
+**Placement constraints:**  
+- **FAIL**: Both 'authelia' and 'redis' are constrained to run on the node 'nas', but there is no guarantee that 'nas' will always be available. Consider using a more flexible constraint.
+- Fix: Change `constraints: - node.hostname == nas` to a more general placement strategy.
+
+**Volumes use /DockerVol/<service> path convention:**  
+- **PASS**: `/DockerVol/authelia/config:/config`
+- **PASS**: `/DockerVol/authelia/secrets:/secrets`
+- **PASS**: `/DockerVol/authelia/redis:/data`
+
+**Network references external netgrimoire overlay:**  
+- **PASS**: `networks: - netgrimoire`
+
+**VERDICT: FAIL**