diff --git a/Netgrimoire/Audits/web-2026-05-04.md b/Netgrimoire/Audits/web-2026-05-04.md new file mode 100644 index 0000000..c94004e --- /dev/null +++ b/Netgrimoire/Audits/web-2026-05-04.md 
@@ -0,0 +1,54 @@ +--- +title: Audit - web.yaml +description: Gremlin audit report 2026-05-04 +published: true +date: 2026-05-04T11:44:47.635Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-05-04T11:44:47.635Z +--- + +# Audit Report — web.yaml + +**Date:** 2026-05-04 +**File:** swarm/web.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - `homepage.group` is missing. + - `homepage.href` is missing. + - `homepage.description` is missing. + +2. **Uptime Kuma labels**: + - `kuma.web.http.name` and `kuma.web.http.url` are correct. + +3. **Caddy labels on exposed services**: + - The `caddy.reverse_proxy` should be `"web:80"` instead of `"web:80"`. + - `caddy.import=authentik` and `caddy.import=crowdsec` should specify the domain names for these imports. + +4. **Placement constraints**: + - `node.labels.cpu == amd` is correctly placed, but `node.hostname` is not specified in the constraints. + +5. **Volumes use /DockerVol/ path convention**: + - The volumes are using a different convention (`/data/nfs/znas/Docker/web/pages` and `/data/nfs/znas/Docker/web/apache`). + +6. **Network references external netgrimoire overlay**: + - The `netgrimoire` network is correctly referenced as an external network. + +**FAIL items with specific issue and fix**: +- `homepage.group`, `homepage.href`, and `homepage.description` are missing from the labels. + - Fix: Add these labels to provide a complete homepage configuration. + +- The Caddy label for reverse proxy should be corrected. + - Fix: Change `"caddy.reverse_proxy=\"web:80\""` to `"caddy.reverse_proxy=web:80"`. + +- The `caddy.import` labels should specify domain names. + - Fix: Provide specific domain names for the imports, e.g., `caddy.import=authentik.example.com` and `caddy.import=crowdsec.example.com`. + +- Volumes are using a different convention. + - Fix: Use `/DockerVol/web/pages` and `/DockerVol/web/apache` for volumes. + +**Final line**: VERDICT: FAIL \ No newline at end of file
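Review bot: In section 3 of the added report, the `caddy.reverse_proxy` finding reads "should be `"web:80"` instead of `"web:80"`", which compares two identical strings, so the reader cannot tell what is actually wrong in swarm/web.yaml. The FAIL list further down gives the fix as changing `"caddy.reverse_proxy=\"web:80\""` to `"caddy.reverse_proxy=web:80"`, so the finding should quote the label exactly as it appears in the file and state that the embedded quotes are the defect. Section 4 notes that `node.hostname` is not in the placement constraints, but the FAIL list does not carry it; say explicitly whether that item passes or fails so it agrees with the verdict. The `caddy.import` fix uses `example.com` values; mark them as placeholders or name the values the convention expects. The closing "**Final line**: VERDICT: FAIL" duplicates the verdict already in the header and reads like leftover template text, and the file ends without a trailing newline.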