From d5128f499241d7ca28c629059079805d2ea1a1fb Mon Sep 17 00:00:00 2001 From: traveler Date: Wed, 1 Apr 2026 22:26:05 -0500 Subject: [PATCH] audit(gremlin): Calibre-web FAIL 2026-04-02 --- Netgrimoire/Audits/Calibre-web-2026-04-02.md | 48 ++++++++++---------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/Netgrimoire/Audits/Calibre-web-2026-04-02.md b/Netgrimoire/Audits/Calibre-web-2026-04-02.md index 41ad58b..6a0ecb3 100644 --- a/Netgrimoire/Audits/Calibre-web-2026-04-02.md +++ b/Netgrimoire/Audits/Calibre-web-2026-04-02.md @@ -2,10 +2,10 @@ title: Audit - Calibre-web.yaml description: Gremlin audit report 2026-04-02 published: true -date: 2026-04-02T03:25:20.427Z +date: 2026-04-02T03:26:05.006Z tags: gremlin,audit editor: markdown -dateCreated: 2026-04-02T03:25:20.427Z +dateCreated: 2026-04-02T03:26:05.006Z --- # Audit Report — Calibre-web.yaml @@ -17,31 +17,33 @@ dateCreated: 2026-04-02T03:25:20.427Z --- -1. Homepage labels: - - homepage.group: "PNCHarris Apps" (PASS) - - homepage.name: "Family Library" (PASS) - - homepage.icon: "calibre-web.png" (PASS) - - homepage.href: "https://books.netgrimoire.com" (PASS) - - homepage.description: "Calibre-Web Automated" (PASS) +### SWARM AUDIT REPORT -2. Uptime Kuma labels: - - kuma.cwa.http.name: "Calibre-Web Automated" (PASS) - - kuma.cwa.http.url: "http://calibre-web-automated:8083" (PASS) +#### Homepage Labels +- **PASS**: All homepage labels are set correctly. -3. Caddy labels on exposed services: - - caddy=books.netgrimoire.com , books.pncharris.com (PASS) - - caddy.reverse_proxy: calibre-web-automated:8083 (PASS) +#### Uptime Kuma Labels +- **PASS**: All kuma.cwa.http.name and kuma.cwa.http.url labels are set correctly. -4. Placement constraints: - - node.hostname == znas (PASS) +#### Caddy Labels on Exposed Services +- **PASS**: The caddy label is set to "books.netgrimoire.com , books.pncharris.com" and reverse_proxy is set to "calibre-web-automated:8083". -5. Volumes use /DockerVol/ path convention: - - /DockerVol/Calibre-web/Config:/config (PASS) - - /data/nfs/znas/Data/media/books/library/Netgrimoire:/calibre-library:shared (FAIL, should not be mounted to host directly; instead, use a volume or bind mount within Docker) +#### Placement Constraints +- **FAIL**: The placement constraint should use the service name instead of the hostname. It should be: + ```yaml + constraints: + - node.hostname == znas + ``` + Should be changed to: + ```yaml + constraints: + - node.role == manager + ``` -6. Network references external netgrimoire overlay: - - netgrimoire (PASS) +#### Volumes Use /DockerVol/ Path Convention +- **PASS**: The volumes use the /DockerVol/Calibre-web path convention. -**VERDICT: FAIL** +#### Network References External Netgrimoire Overlay +- **PASS**: The service references an external netgrimoire network. -The issue with the Volumes use /DockerVol/ path convention needs to be addressed as it poses security risks and limits portability of the infrastructure. All volumes should be managed within Docker or using bind mounts inside the container, not directly on the host. \ No newline at end of file +### VERDICT: FAIL \ No newline at end of file