audit(gremlin): vault PASS 2026-04-20

2026-04-20 06:38:34 -05:00 · 2026-04-20 06:38:34 -05:00 · 9459c9081b
commit 9459c9081b
parent 8f0de38c36
1 changed files with 43 additions and 0 deletions
--- a/Netgrimoire/Audits/vault-2026-04-20.md
+++ b/Netgrimoire/Audits/vault-2026-04-20.md
@ -0,0 +1,43 @@
+---
+title: Audit - vault.yaml
+description: Gremlin audit report 2026-04-20
+published: true
+date: 2026-04-20T11:38:34.209Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-20T11:38:34.209Z
+---
+
+# Audit Report — vault.yaml
+
+**Date:** 2026-04-20  
+**File:** swarm/vault.yaml  
+**Type:** Docker Swarm  
+**Verdict:** PASS
+
+---
+
+### Audit Results:
+
+1. **Homepage labels:**
+   - **PASS:** `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are correctly set.
+
+2. **Uptime Kuma labels:**
+   - **FAIL:** Uptime Kuma labels are missing. The configuration includes `kuma.kopia.http.name` and `kuma.kopia.http.url`, which are related to Kuma rather than Uptime Kuma.
+   - **Fix:** Remove or correct the Kuma-specific labels if they were a mistake.
+
+3. **Caddy labels on exposed services:**
+   - **PASS:** The Caddy label `caddy=vault.netgrimoire.com` is correctly set, and it includes `caddy.reverse_proxy`.
+
+4. **Placement constraints:**
+   - **FAIL:** The placement constraint `node.hostname == znas` is not recommended for Docker Swarm as it limits the service to a single node. This could cause issues if that node fails.
+   - **Fix:** Consider using more flexible constraints or removing the constraint altogether for better scalability.
+
+5. **Volumes use /DockerVol/<service> path convention:**
+   - **PASS:** All volumes follow the `/DockerVol/vault/` path convention.
+
+6. **Network references external netgrimoire overlay:**
+   - **PASS:** The service references an external network `netgrimoire`.
+
+### VERDICT:
+FAIL