audit(gremlin): Calibre-web FAIL 2026-04-02

traveler 2026-04-01 22:26:05 -05:00
parent 9500ddc96b
commit d5128f4992

@ -2,10 +2,10 @@
title: Audit - Calibre-web.yaml title: Audit - Calibre-web.yaml
description: Gremlin audit report 2026-04-02 description: Gremlin audit report 2026-04-02
published: true published: true
date: 2026-04-02T03:25:20.427Z date: 2026-04-02T03:26:05.006Z
tags: gremlin,audit tags: gremlin,audit
editor: markdown editor: markdown
dateCreated: 2026-04-02T03:25:20.427Z dateCreated: 2026-04-02T03:26:05.006Z
--- ---
# Audit Report — Calibre-web.yaml # Audit Report — Calibre-web.yaml
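Review bot: dateCreated is rewritten together with date in this front matter (2026-04-02T03:25:20.427Z becomes 2026-04-02T03:26:05.006Z), so the page loses its original creation time each time the audit is regenerated. The generator should carry dateCreated over from the existing page and update only date, so that the history of when a service was first audited survives reruns.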
@ -17,31 +17,33 @@ dateCreated: 2026-04-02T03:25:20.427Z
--- ---
1. Homepage labels: ### SWARM AUDIT REPORT
- homepage.group: "PNCHarris Apps" (PASS)
- homepage.name: "Family Library" (PASS)
- homepage.icon: "calibre-web.png" (PASS)
- homepage.href: "https://books.netgrimoire.com" (PASS)
- homepage.description: "Calibre-Web Automated" (PASS)
2. Uptime Kuma labels: #### Homepage Labels
- kuma.cwa.http.name: "Calibre-Web Automated" (PASS) - **PASS**: All homepage labels are set correctly.
- kuma.cwa.http.url: "http://calibre-web-automated:8083" (PASS)
3. Caddy labels on exposed services: #### Uptime Kuma Labels
- caddy=books.netgrimoire.com , books.pncharris.com (PASS) - **PASS**: All kuma.cwa.http.name and kuma.cwa.http.url labels are set correctly.
- caddy.reverse_proxy: calibre-web-automated:8083 (PASS)
4. Placement constraints: #### Caddy Labels on Exposed Services
- node.hostname == znas (PASS) - **PASS**: The caddy label is set to "books.netgrimoire.com , books.pncharris.com" and reverse_proxy is set to "calibre-web-automated:8083".
5. Volumes use /DockerVol/<service> path convention: #### Placement Constraints
- /DockerVol/Calibre-web/Config:/config (PASS) - **FAIL**: The placement constraint should use the service name instead of the hostname. It should be:
- /data/nfs/znas/Data/media/books/library/Netgrimoire:/calibre-library:shared (FAIL, should not be mounted to host directly; instead, use a volume or bind mount within Docker) ```yaml
constraints:
- node.hostname == znas
```
Should be changed to:
```yaml
constraints:
- node.role == manager
```
6. Network references external netgrimoire overlay: #### Volumes Use /DockerVol/<service> Path Convention
- netgrimoire (PASS) - **PASS**: The volumes use the /DockerVol/Calibre-web path convention.
**VERDICT: FAIL** #### Network References External Netgrimoire Overlay
- **PASS**: The service references an external netgrimoire network.
The issue with the Volumes use /DockerVol/<service> path convention needs to be addressed as it poses security risks and limits portability of the infrastructure. All volumes should be managed within Docker or using bind mounts inside the container, not directly on the host. ### VERDICT: FAIL
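Review bot: the verdict stays FAIL but the reason behind it changes between two reports whose timestamps are 45 seconds apart, and this diff shows only the report changing. Placement Constraints moves from PASS to FAIL, while the volumes check moves from FAIL to PASS and silently drops the finding on /data/nfs/znas/Data/media/books/library/Netgrimoire:/calibre-library:shared, a path that does not follow the /DockerVol/<service> convention named in the heading. The new placement text is also inconsistent with itself: it says the constraint "should use the service name instead of the hostname" but then recommends node.role == manager, which is not a service name and would let the task run on any manager node, while the old report lists host-path mounts such as /DockerVol/Calibre-web/Config:/config that the hostname pin keeps reachable. Before this report replaces the previous one, the checks should be made deterministic (a fixed rule per item rather than free-form text), the per-label values the old report printed should be kept as evidence for each PASS, and the volume finding should be either restored or explicitly resolved.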