audit(gremlin): hydra FAIL 2026-04-20

Netgrimoire/Audits/hydra-2026-04-20.md

@@ -0,0 +1,56 @@
+---
+title: Audit - hydra.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:16:42.858Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:16:42.858Z
+---
+
+# Audit Report — hydra.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/hydra.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT - swarm/hydra.yaml**
+
+1. **Homepage labels**: 
+   - `homepage.group`: "Media Search" (PASS)
+   - `homepage.name`: "NZBHydra" (PASS)
+   - `homepage.icon`: "nzbhydra2.png" (PASS)
+   - `homepage.href`: "https://hydra.netgrimoire.com" (PASS)
+   - `homepage.description`: "Usenet Search" (PASS)
+
+2. **Uptime Kuma labels**: 
+   - `kuma.hydra.http.name`: "NZBHydra" (PASS)
+   - `kuma.hydra.http.url`: "http://hydra2:5076" (PASS)
+
+3. **Caddy labels on exposed services**: 
+   - `caddy=hydra.netgrimoire.com` (PASS)
+   - `caddy.reverse_proxy=hydra2:5076` (PASS)
+
+4. **Placement constraints**: 
+   - The constraint `node.labels.general == true` should ideally use `node.hostname` for better specificity and clarity. However, this is not a critical issue as long as it meets the intended placement requirements. (FAIL)
+     ```yaml
+     # Corrected constraint: node.hostname == "your_node_hostname"
+     ```
+
+5. **Volumes use /DockerVol/<service> path convention**: 
+   - `/data/nfs/znas/Docker/hydra2/config` and `/data/nfs/znas/Docker/hydra2/downloads` do not follow the `/DockerVol/<service>` convention. (FAIL)
+     ```yaml
+     # Corrected volumes:
+     - /DockerVol/hydra2/config:/config
+     - /DockerVol/hydra2/downloads:/downloads
+     ```
+
+6. **Network references external netgrimoire overlay**: 
+   - `netgrimoire` is correctly set as an external network (PASS)
+
+**VERDICT: FAIL**
+
+The configuration contains two critical failures that need to be addressed to ensure compliance with the specified conventions and constraints.