--- title: Audit - tmm.yaml description: Gremlin audit report 2026-04-20 published: true date: 2026-04-20T11:37:42.787Z tags: gremlin,audit editor: markdown dateCreated: 2026-04-20T11:37:42.787Z --- # Audit Report — tmm.yaml **Date:** 2026-04-20 **File:** swarm/tmm.yaml **Type:** Docker Swarm **Verdict:** FAIL --- ### SWARM AUDIT RESULTS: 1. **Homepage labels**: - **PASS**: All required homepage labels are present (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`). 2. **Uptime Kuma labels**: - **FAIL**: The Uptime Kuma labels are missing. - **Issue**: The `kuma.app.http.name` and `kuma.app.http.url` labels are not defined. - **Fix**: Add the following labels under the `deploy` section: ```yaml kuma.app.http.name: "Tiny Media Manager" kuma.app.http.url: "http://tinymediamanager_service:4000" ``` 3. **Caddy labels on exposed services**: - **PASS**: The Caddy labels are correctly defined. ```yaml caddy: "tmm.netgrimoire.com" caddy.import: "authentik" caddy.reverse_proxy: "tinymediamanager_service:4000" ``` 4. **Placement constraints**: - **FAIL**: The `node.hostname` constraint is missing. - **Issue**: The `deploy` section does not include a placement constraint for node hostname. - **Fix**: Add the following under the `deploy` section to constrain the service to a specific node: ```yaml placement: constraints: - node.hostname == ``` 5. **Volumes use /DockerVol/ path convention**: - **FAIL**: The volume paths do not follow the `/DockerVol/` convention. - **Issue**: Volumes are mounted at `/data/nfs/Baxter/Docker/tinymediamanager` and `/data/nfs/Baxter`. - **Fix**: Rename the volumes to use the `/DockerVol/` path convention: ```yaml volumes: - /DockerVol/tinymediamanager/config:/config:rw - /DockerVol/tinymediamanager/media:/media:rw ``` 6. **Network references external netgrimoire overlay**: - **PASS**: The service references the external `netgrimoire` network. ### VERDICT: FAIL