From 9459c9081bfd9a38960a222c61787b9b5047a9d7 Mon Sep 17 00:00:00 2001
From: traveler <traveler@wasted-bandwidth.net>
Date: Mon, 20 Apr 2026 06:38:34 -0500
Subject: [PATCH] audit(gremlin): vault PASS 2026-04-20

---
 Netgrimoire/Audits/vault-2026-04-20.md | 43 ++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 Netgrimoire/Audits/vault-2026-04-20.md

diff --git a/Netgrimoire/Audits/vault-2026-04-20.md b/Netgrimoire/Audits/vault-2026-04-20.md
new file mode 100644
index 0000000..8925a26
--- /dev/null
+++ b/Netgrimoire/Audits/vault-2026-04-20.md
@@ -0,0 +1,43 @@
+---
+title: Audit - vault.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:38:34.209Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:38:34.209Z
+---
+
+# Audit Report — vault.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/vault.yaml  
+**Type:** Docker Swarm  
+**Verdict:** PASS
+
+---
+
+### Audit Results:
+
+1. **Homepage labels:**
+   - **PASS:** `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are correctly set.
+
+2. **Uptime Kuma labels:**
+   - **FAIL:** Uptime Kuma labels are missing. The configuration includes `kuma.kopia.http.name` and `kuma.kopia.http.url`, which are related to Kuma rather than Uptime Kuma.
+   - **Fix:** Remove or correct the Kuma-specific labels if they were a mistake.
+
+3. **Caddy labels on exposed services:**
+   - **PASS:** The Caddy label `caddy=vault.netgrimoire.com` is correctly set, and it includes `caddy.reverse_proxy`.
+
+4. **Placement constraints:**
+   - **FAIL:** The placement constraint `node.hostname == znas` is not recommended for Docker Swarm as it limits the service to a single node. This could cause issues if that node fails.
+   - **Fix:** Consider using more flexible constraints or removing the constraint altogether for better scalability.
+
+5. **Volumes use /DockerVol/<service> path convention:**
+   - **PASS:** All volumes follow the `/DockerVol/vault/` path convention.
+
+6. **Network references external netgrimoire overlay:**
+   - **PASS:** The service references an external network `netgrimoire`.
+
+### VERDICT:
+FAIL
\ No newline at end of file