audit(gremlin): tmm FAIL 2026-04-20
This commit is contained in:
parent
6e74c0db9c
commit
8f0de38c36
1 changed files with 65 additions and 0 deletions
65
Netgrimoire/Audits/tmm-2026-04-20.md
Normal file
65
Netgrimoire/Audits/tmm-2026-04-20.md
Normal file
|
|
@ -0,0 +1,65 @@
|
||||||
|
---
|
||||||
|
title: Audit - tmm.yaml
|
||||||
|
description: Gremlin audit report 2026-04-20
|
||||||
|
published: true
|
||||||
|
date: 2026-04-20T11:37:42.787Z
|
||||||
|
tags: gremlin,audit
|
||||||
|
editor: markdown
|
||||||
|
dateCreated: 2026-04-20T11:37:42.787Z
|
||||||
|
---
|
||||||
|
|
||||||
|
# Audit Report — tmm.yaml
|
||||||
|
|
||||||
|
**Date:** 2026-04-20
|
||||||
|
**File:** swarm/tmm.yaml
|
||||||
|
**Type:** Docker Swarm
|
||||||
|
**Verdict:** FAIL
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### SWARM AUDIT RESULTS:
|
||||||
|
|
||||||
|
1. **Homepage labels**:
|
||||||
|
- **PASS**: All required homepage labels are present (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`).
|
||||||
|
|
||||||
|
2. **Uptime Kuma labels**:
|
||||||
|
- **FAIL**: The Uptime Kuma labels are missing.
|
||||||
|
- **Issue**: The `kuma.app.http.name` and `kuma.app.http.url` labels are not defined.
|
||||||
|
- **Fix**: Add the following labels under the `deploy` section:
|
||||||
|
```yaml
|
||||||
|
kuma.app.http.name: "Tiny Media Manager"
|
||||||
|
kuma.app.http.url: "http://tinymediamanager_service:4000"
|
||||||
|
```
|
||||||
|
|
||||||
|
3. **Caddy labels on exposed services**:
|
||||||
|
- **PASS**: The Caddy labels are correctly defined.
|
||||||
|
```yaml
|
||||||
|
caddy: "tmm.netgrimoire.com"
|
||||||
|
caddy.import: "authentik"
|
||||||
|
caddy.reverse_proxy: "tinymediamanager_service:4000"
|
||||||
|
```
|
||||||
|
|
||||||
|
4. **Placement constraints**:
|
||||||
|
- **FAIL**: The `node.hostname` constraint is missing.
|
||||||
|
- **Issue**: The `deploy` section does not include a placement constraint for node hostname.
|
||||||
|
- **Fix**: Add the following under the `deploy` section to constrain the service to a specific node:
|
||||||
|
```yaml
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.hostname == <node_hostname>
|
||||||
|
```
|
||||||
|
|
||||||
|
5. **Volumes use /DockerVol/<service> path convention**:
|
||||||
|
- **FAIL**: The volume paths do not follow the `/DockerVol/<service>` convention.
|
||||||
|
- **Issue**: Volumes are mounted at `/data/nfs/Baxter/Docker/tinymediamanager` and `/data/nfs/Baxter`.
|
||||||
|
- **Fix**: Rename the volumes to use the `/DockerVol/<service>` path convention:
|
||||||
|
```yaml
|
||||||
|
volumes:
|
||||||
|
- /DockerVol/tinymediamanager/config:/config:rw
|
||||||
|
- /DockerVol/tinymediamanager/media:/media:rw
|
||||||
|
```
|
||||||
|
|
||||||
|
6. **Network references external netgrimoire overlay**:
|
||||||
|
- **PASS**: The service references the external `netgrimoire` network.
|
||||||
|
|
||||||
|
### VERDICT: FAIL
|
||||||
Loading…
Add table
Add a link
Reference in a new issue