traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

audit(gremlin): beszel FAIL 2026-04-03

Browse source
This commit is contained in:
traveler 2026-04-02 20:49:46 -05:00
parent d3dba8ea24
commit dc78fb5df0
1 changed files with 25 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

51
Netgrimoire/Audits/beszel-2026-04-03.md
View file

@ -2,10 +2,10 @@
title: Audit - beszel.yaml title: Audit - beszel.yaml
description: Gremlin audit report 2026-04-03 description: Gremlin audit report 2026-04-03
published: true published: true
date: 2026-04-03T01:40:22.839Z date: 2026-04-03T01:49:45.885Z
tags: gremlin,audit tags: gremlin,audit
editor: markdown editor: markdown
dateCreated: 2026-04-03T01:40:22.839Z dateCreated: 2026-04-03T01:49:45.885Z
--- ---
# Audit Report — beszel.yaml # Audit Report — beszel.yaml
@ -17,34 +17,33 @@ dateCreated: 2026-04-03T01:40:22.839Z
--- ---
### Audit Report for `swarm/beszel.yaml` **SWARM AUDIT RESULTS**
1. **Homepage Labels**: 1. **Homepage labels**:
- `homepage.group`: **PASS** - `homepage.group`: Monitoring (PASS)
- `homepage.name`: **PASS** - `homepage.name`: Beszel (PASS)
- `homepage.icon`: **PASS** - `homepage.icon`: beszel.png (PASS)
- `homepage.href`: **PASS** - `homepage.href`: https://beszel.netgrimoire.com (PASS)
- `homepage.description`: **PASS** - `homepage.description`: Beszel Service (PASS)
2. **Uptime Kuma Labels**: 2. **Uptime Kuma labels**:
- `kuma.beszel.http.name`: **PASS** - Not applicable as there are no Uptime Kuma services deployed in this configuration (PASS)
- `kuma.beszel.http.url`: **PASS**
3. **Caddy Labels on Exposed Services**: 3. **Caddy labels on exposed services**:
- `caddy=beszel.netgrimoire.com`: **PASS** - `caddy=beszel.netgrimoire.com` (PASS)
- `caddy.reverse_proxy={{upstreams 8090}}`: **PASS** - `caddy.reverse_proxy="{{upstreams 8090}}"` (PASS)
4. **Placement Constraints**: 4. **Placement constraints**:
- `node.labels.general == true`: **FAIL** - The constraint `node.labels.general == true` should be `node.role == 'manager'` for better security and control (FAIL). Update the placement block accordingly.
- **Issue**: The placement constraint refers to a node label (`general`) that is not explicitly defined in the constraints section.
- **Fix**: Define a specific label on nodes or correct the label name if it should be another predefined one.
5. **Volumes Use /DockerVol/<service> Path Convention**: 5. **Volumes use /DockerVol/<service> path convention**:
- `/data/nfs/znas/Docker/beszel:/beszel_data`: **FAIL** - `/data/nfs/znas/Docker/beszel:/beszel_data` does not follow the `/DockerVol/<service>` path convention (FAIL). Rename the volume to `/DockerVol/beszel`.
- **Issue**: The volume path does not follow the expected convention (`/DockerVol/<service>`).
- **Fix**: Change the volume path to use the standard convention, e.g., `/DockerVol/beszel:/beszel_data`.
6. **Network References External Netgrimoire Overlay**: 6. **Network references external netgrimoire overlay**:
- `netgrimoire`: **PASS** - The `netgrimoire` network is correctly referenced as an external network (PASS)
### VERDICT: FAIL **VERDICT: FAIL**
Fixes required:
1. Update placement constraint to `node.role == 'manager'`.
2. Rename the volume to `/DockerVol/beszel`.