audit(gremlin): portainer-agent-stack FAIL 2026-04-27

Netgrimoire/Audits/portainer-agent-stack-2026-04-27.md

@@ -0,0 +1,49 @@
+---
+title: Audit - portainer-agent-stack.yml
+description: Gremlin audit report 2026-04-27
+published: true
+date: 2026-04-27T11:31:02.057Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-27T11:31:02.057Z
+---
+
+# Audit Report — portainer-agent-stack.yml
+
+**Date:** 2026-04-27  
+**File:** swarm/portainer-agent-stack.yml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT**
+
+1. **Homepage labels: homepage.group, homepage.name, homepage.icon, homepage.href, homepage.description**
+   - **PASS**: All labels are present and correctly formatted.
+
+2. **Uptime Kuma labels: kuma.<n>.http.name, kuma.<n>.http.url**
+   - **FAIL**: There are no Uptime Kuma labels defined in the file.
+     - **FIX**: Add the necessary labels as per your requirement.
+
+3. **Caddy labels on exposed services: caddy=<domain>, caddy.reverse_proxy**
+   - **PASS**: The `caddy` and `caddy.reverse_proxy` labels are present for the Portainer service.
+
+4. **Placement constraints: node.hostname**
+   - **FAIL**: The placement constraint is commented out.
+     - **FIX**: Uncomment the line to ensure that the portainer service is placed on a specific node, e.g.,
+       ```yaml
+       placement:
+         constraints:
+           - node.hostname == znas
+       ```
+
+5. **Volumes use /DockerVol/<service> path convention**
+   - **PASS**: The volumes are correctly using the `/DockerVol/portainer` path.
+
+6. **Network references external netgrimoire overlay**
+   - **PASS**: The network `netgrimoire` is referenced correctly and is marked as external.
+
+**VERDICT: FAIL**
+
+The audit has identified two critical issues that need to be addressed before the Swarm stack can be considered fully compliant with the guidelines provided.