homelab-infra/ops/policy-checks/last-report.md
2026-05-26 14:55:49 +02:00

Policy Check Report

Summary

  • Compose files checked: 31
  • Critical findings: 0
  • Warnings: 7
  • Info findings: 10

Critical

  • none

Warnings

  • [HOSTNET002] host-services\plex\docker-compose.yml :: plex: network_mode: host is enabled.
  • [IMAGE001] infra\ddns-updater\docker-compose.yml :: ddns-updater: Image uses a latest tag. Prefer a concrete version tag, even when a digest is present.
  • [USER001] monitoring\docker-compose.yml :: influxdb3-core: Runs as user 0. Documented exception, keep visible for hardening.
  • [IMAGE001] ops\glances\docker-compose.yml :: glances: Image uses a latest tag. Prefer a concrete version tag, even when a digest is present.
  • [USER001] ops\grafana-influxdb\docker-compose.yml :: grafana: Runs as user 0. Documented exception, keep visible for hardening.
  • [USER001] ops\grafana-influxdb\docker-compose.yml :: influxdb3-core: Runs as user 0. Documented exception, keep visible for hardening.
  • [IMAGE001] ops\scrutiny\docker-compose.yml :: scrutiny: Image uses a latest tag. Prefer a concrete version tag, even when a digest is present.

Info

  • [PORT001] core\gitea\docker-compose.yml :: gitea: Allowed host port mapping: 222:22
  • [PORT001] host-services\Adguard\docker-compose.yml :: adguard: Allowed host port mapping: 53:53/tcp
  • [PORT001] host-services\Adguard\docker-compose.yml :: adguard: Allowed host port mapping: 53:53/udp
  • [PORT001] host-services\Adguard\docker-compose.yml :: adguard: Allowed host port mapping: 100.80.98.33:8082:80
  • [HOSTNET001] host-services\tailscale\docker-compose.yml :: tailscale: network_mode: host is a documented exception.
  • [PORT001] monitoring\docker-compose.yml :: influxdb3-core: Allowed host port mapping: ${INFLUXDB_BIND_IP:-127.0.0.1}:8181:8181
  • [PORT001] ops\grafana-influxdb\docker-compose.yml :: influxdb3-core: Allowed host port mapping: ${INFLUXDB_BIND_IP:-127.0.0.1}:8181:8181
  • [PRIV001] ops\scrutiny\docker-compose.yml :: scrutiny: Privileged mode is a documented exception.
  • [PORT001] traefik\docker-compose.yml :: traefik: Allowed host port mapping: 80:80
  • [PORT001] traefik\docker-compose.yml :: traefik: Allowed host port mapping: 443:443