From 9500ddc96b1d74379717e34f600acc471c94ba8f Mon Sep 17 00:00:00 2001 From: traveler Date: Wed, 1 Apr 2026 22:25:20 -0500 Subject: [PATCH] audit(gremlin): Calibre-web FAIL 2026-04-02 --- Netgrimoire/Audits/Calibre-web-2026-04-02.md | 51 +++++++++----------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/Netgrimoire/Audits/Calibre-web-2026-04-02.md b/Netgrimoire/Audits/Calibre-web-2026-04-02.md index 0dc41b9..41ad58b 100644 --- a/Netgrimoire/Audits/Calibre-web-2026-04-02.md +++ b/Netgrimoire/Audits/Calibre-web-2026-04-02.md @@ -2,10 +2,10 @@ title: Audit - Calibre-web.yaml description: Gremlin audit report 2026-04-02 published: true -date: 2026-04-02T03:07:32.220Z +date: 2026-04-02T03:25:20.427Z tags: gremlin,audit editor: markdown -dateCreated: 2026-04-02T03:07:32.220Z +dateCreated: 2026-04-02T03:25:20.427Z --- # Audit Report — Calibre-web.yaml 
@@ -13,38 +13,35 @@ dateCreated: 2026-04-02T03:07:32.220Z **Date:** 2026-04-02 **File:** swarm/Calibre-web.yaml **Type:** Docker Swarm -**Verdict:** PASS +**Verdict:** FAIL --- -**SWARM AUDIT** +1. Homepage labels: + - homepage.group: "PNCHarris Apps" (PASS) + - homepage.name: "Family Library" (PASS) + - homepage.icon: "calibre-web.png" (PASS) + - homepage.href: "https://books.netgrimoire.com" (PASS) + - homepage.description: "Calibre-Web Automated" (PASS) -1. **Homepage labels**: - - `homepage.group`: PNCHarris Apps (PASS) - - `homepage.name`: Family Library (PASS) - - `homepage.icon`: calibre-web.png (PASS) - - `homepage.href`: https://books.netgrimoire.com (PASS) - - `homepage.description`: Calibre-Web Automated (PASS) +2. Uptime Kuma labels: + - kuma.cwa.http.name: "Calibre-Web Automated" (PASS) + - kuma.cwa.http.url: "http://calibre-web-automated:8083" (PASS) -2. **Uptime Kuma labels**: - - `kuma.cwa.http.name`: Calibre-Web Automated (PASS) - - `kuma.cwa.http.url`: http://calibre-web-automated:8083 (PASS) +3. Caddy labels on exposed services: + - caddy=books.netgrimoire.com , books.pncharris.com (PASS) + - caddy.reverse_proxy: calibre-web-automated:8083 (PASS) -3. **Caddy labels on exposed services**: - - `caddy`: books.netgrimoire.com, books.pncharris.com (PASS) - - `caddy.reverse_proxy`: calibre-web-automated:8083 (PASS) +4. Placement constraints: + - node.hostname == znas (PASS) -4. **Placement constraints**: - - `node.hostname == znas` (PASS) +5. Volumes use /DockerVol/ path convention: + - /DockerVol/Calibre-web/Config:/config (PASS) + - /data/nfs/znas/Data/media/books/library/Netgrimoire:/calibre-library:shared (FAIL, should not be mounted to host directly; instead, use a volume or bind mount within Docker) -5. **Volumes use /DockerVol/ path convention**: - - `/DockerVol/Calibre-web/Config:/config` (PASS) - - `/calibre-library:shared` (FAIL) - Volume should be mounted under the `/DockerVol` directory for consistency. +6. 
Network references external netgrimoire overlay: + - netgrimoire (PASS) -6. **Network references external netgrimoire overlay**: - - `netgrimoire`: External network reference is correct (PASS) +**VERDICT: FAIL** -**Fixes**: -- Change volume mapping to follow the `/DockerVol/` convention: `- /DockerVol/calibre-library:/calibre-library:shared` - -**VERDICT**: FAIL \ No newline at end of file +The issue with the Volumes use /DockerVol/ path convention needs to be addressed as it poses security risks and limits portability of the infrastructure. All volumes should be managed within Docker or using bind mounts inside the container, not directly on the host. \ No newline at end of file
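Review bot: In the front-matter hunk (@@ -2,10 +2,10 @@), `dateCreated` is overwritten together with `date`, so the report's original creation time (2026-04-02T03:07:32.220Z) is lost when the audit is re-run for the same day. Update only `date` and leave `dateCreated` at its first value; otherwise the page history no longer shows that this report was first published at 03:07 with a different verdict.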
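Review bot: In the report-body hunk (@@ -13,38 +13,35 @@), the item 5 FAIL rationale contradicts itself and does not match the check it sits under. The check is "Volumes use /DockerVol/ path convention", but the new text says the path "should not be mounted to host directly; instead, use a volume or bind mount within Docker", while the flagged entry `/data/nfs/znas/Data/media/books/library/Netgrimoire:/calibre-library:shared` is already a bind mount. State the finding as what the check tests (source path is outside /DockerVol/) and keep a concrete remediation line, since this hunk removes the "Fixes" section without replacing it. The closing paragraph's "poses security risks" is not supported by anything in the report; either name the risk (for example, the `:shared` propagation flag on that mount, if that is the concern) or drop the claim. Minor: the new caddy line is written `caddy=books.netgrimoire.com , books.pncharris.com` with `=` and a stray space before the comma, while every other label in the list uses `key: value`.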