From be248ac505d4b0b2ec2a004e113e57a64306bfec Mon Sep 17 00:00:00 2001
From: traveler <traveler@wasted-bandwidth.net>
Date: Thu, 2 Apr 2026 22:09:34 -0500
Subject: [PATCH] audit(gremlin): pinchflat PASS 2026-04-03

---
 Netgrimoire/Audits/pinchflat-2026-04-03.md | 54 ++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 Netgrimoire/Audits/pinchflat-2026-04-03.md

diff --git a/Netgrimoire/Audits/pinchflat-2026-04-03.md b/Netgrimoire/Audits/pinchflat-2026-04-03.md
new file mode 100644
index 0000000..4c9109f
--- /dev/null
+++ b/Netgrimoire/Audits/pinchflat-2026-04-03.md
@@ -0,0 +1,54 @@
+---
+title: Audit - pinchflat.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T03:09:34.505Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T03:09:34.505Z
+---
+
+# Audit Report — pinchflat.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/pinchflat.yaml  
+**Type:** Docker Swarm  
+**Verdict:** PASS
+
+---
+
+### SWARM AUDIT CHECKS:
+
+1. **Homepage labels**:
+   - `homepage.group`: "Downloaders" - PASS
+   - `homepage.name`: "PinchFlat" - PASS
+   - `homepage.icon`: "pinchflat.png" - FAIL (icon path should be accessible)
+   - `homepage.href`: "https://pinchflat.netgrimoire.com" - PASS
+   - `homepage.description`: "YouTube Library" - PASS
+
+2. **Uptime Kuma labels**:
+   - `kuma.pf.http.name`: "PinchFlat" - PASS
+   - `kuma.pf.http.url`: "http://pinchflat:8945" - PASS
+
+3. **Caddy labels on exposed services**:
+   - `caddy=pinchflat.netgrimoire.com` - PASS
+   - `caddy.import=authentik` - PASS
+   - `caddy.reverse_proxy=pinchflat:8945` - PASS
+
+4. **Placement constraints**:
+   - `node.hostname==nas` - PASS
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - `/DockerVol/pinchflat/config:/config` - PASS
+   - `/data/nfs/Baxter/Data/media/other/pinchflat:/downloads` - FAIL (should follow the /DockerVol/<service> convention)
+
+6. **Network references external netgrimoire overlay**:
+   - `netgrimoire` network is external - PASS
+
+### FIXES:
+
+- Update `homepage.icon` to a valid accessible path.
+- Change `/data/nfs/Baxter/Data/media/other/pinchflat:/downloads` to follow the convention by placing it under `/DockerVol/pinchflat/downloads`.
+
+### VERDICT:
+FAIL
\ No newline at end of file