audit(gremlin): authelia FAIL 2026-04-03

Netgrimoire/Audits/authelia-2026-04-03.md

@@ -0,0 +1,55 @@
+---
+title: Audit - authelia.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T01:36:30.489Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T01:36:30.489Z
+---
+
+# Audit Report — authelia.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/authelia.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+### SWARM AUDIT REPORT:
+
+#### Homepage Labels
+**PASS**: homepage.group=Management  
+**PASS**: homepage.name=Authelia  
+**PASS**: homepage.icon=authelia.png  
+**PASS**: homepage.href=https://login.wasted-bandwidth.net  
+**PASS**: homepage.description=SSO / Forward-Auth  
+
+#### Uptime Kuma Labels
+**PASS**: kuma.authelia.http.name="Authelia"  
+**PASS**: kuma.authelia.http.url=http://authelia:9091  
+
+#### Caddy Labels on Exposed Services
+**FAIL**: Missing `caddy=<domain>` and `caddy.reverse_proxy` labels.
+
+- **Issue**: The service is exposed but lacks necessary labels to enable automatic reverse proxying.
+- **Fix**: Add the following labels to the `authelia` service:
+  ```yaml
+  labels:
+    caddy=login.wasted-bandwidth.net
+    caddy.reverse_proxy={{upstreams 9091}}
+  ```
+
+#### Placement Constraints
+**PASS**: node.hostname == nas  
+
+#### Volumes Use /DockerVol/<service> Path Convention
+**PASS**: /DockerVol/authelia/config  
+**PASS**: /DockerVol/authelia/secrets  
+**PASS**: /DockerVol/authelia/redis  
+
+#### Network References External netgrimoire Overlay
+**PASS**: references external netgrimoire overlay
+
+### VERDICT: FAIL