From 36d2b6caa9628a1b581b4fbfc9abbf2dea84c819 Mon Sep 17 00:00:00 2001 From: traveler Date: Sun, 3 May 2026 21:36:48 -0500 Subject: [PATCH] docs(gremlin): update authentik --- Netgrimoire/Services/authentik/authentik.md | 120 +++++++++----------- 1 file changed, 53 insertions(+), 67 deletions(-) diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 1e368a8..2d4e817 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,52 +1,55 @@ -# authentik Stack +--- +title: authentik Stack +description: Authentik server with Postgres, Redis, and worker services +published: true +date: 2026-05-04T02:35:05.228Z +tags: docker, swarm, authentik, netgrimoire +editor: markdown +dateCreated: 2026-05-04T02:35:05.228Z + +--- + +# authentik ## Overview -This is the NetGrimoire authentik stack, providing a secure authentication service for users. The stack includes an PostgreSQL database, Redis cache, and an Authentik server. +The authentik Stack provides a centralized account management solution for NetGrimoire. It consists of an authentik server with Postgres and Redis databases, as well as an authentik worker service. + +--- ## Architecture | Service | Image | Port | Role | -|---------|-------|------|------| -- **authentik**: ghcr.io/goauthentik/server:2025.2 | -- **postgresql**: docker.io/library/postgres:16-alpine | -- **redis**: docker.io/library/redis:alpine | +|---------|-----|-----|-------| +- **authentik**: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000 | Internal | +- **Postgres**: docker.io/library/postgres:16-alpine | 5432:5432 | Database | +- **Redis**: docker.io/library/redis:alpine | 6379:6379 | Cache | + +Exposed via: +- auth.netgrimoire.com +- https://auth.netgrimoire.com -Exposed via: auth.netgrimoire.com, 9080:9000 Homepage group: Authentication +Homepage name: Authentik +Homepage icon: authentik.png +Homepage.href: https://auth.netgrimoire.com +Homepage.description: Account Manager --- ## Build & Configuration ### Prerequisites -Ensure you have Docker Swarm installed and configured on your NetGrimoire environment. +* Docker 20.10+ +* Caddy 2.4+ ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik/Postgres -chown -R authentik:authentik /DockerVol/Authentik/Postgres -``` - -```bash -mkdir -p /DockerVol/Authentik/media -chown -R authentik:authentik /DockerVol/Authentik/media -``` - -```bash -mkdir -p /DockerVol/Authentik/custom-templates -chown -R authentik:authentik /DockerVol/Authentik/custom-templates -``` - -```bash -mkdir -p /DockerVol/Authentik/certs -chown -R authentik:authentik /DockerVol/Authentik/certs +mkdir -p /DockerVol/Authentik/media/ +mkdir -p /DockerVol/Authentik/custom-templates/ ``` ### Environment Variables ```bash -AUTHENTIK_REDIS__HOST=redis -AUTHENTIK_POSTGRESQL__HOST=postgresql -AUTHENTIK_POSTGRESQL__USER=authentik -AUTHENTIK_POSTGRESQL__NAME=authentik +# generate: openssl rand -hex 32 AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn ``` @@ -61,10 +64,12 @@ docker stack services authentik ``` ### First Run -On your first run, ensure to update the authentik database and cache: +After the initial deployment, you may need to run: ```bash -docker exec -it authentik server /initdb --password= +docker exec -it authentik worker init ``` +to initialize the authentik database. + --- ## User Guide @@ -72,35 +77,34 @@ docker exec -it authentik server /initdb --password= ### Accessing authentik | Service | URL | Purpose | |---------|-----|---------| -- **Authentik Server**: auth.netgrimoire.com:9080 -- **Worker UI**: +- **authentik**: https://auth.netgrimoire.com ### Primary Use Cases -1. Register for an account. -2. Login to your account. +To access the authentik interface, navigate to . ### NetGrimoire Integrations -This stack connects to the following services: -- PostgreSQL database -- Redis cache +The authentik service connects to the Postgres database for storing user credentials and data. It also communicates with the Redis cache for faster lookups. --- ## Operations ### Monitoring +Kuma monitors: +- authentik: https://kuma.netgrimoire.com/authentik ```bash docker stack services authentik - +docker service logs -f authentik ``` ### Backups -Critical backups should be performed regularly for the entire stack. Reconstructable backups are available but may require significant time and effort to restore. +Critical backups are stored in /DockerVol/Authentik/backup/. The Postgres database is not backed up as it's managed by the container. ### Restore +To restore from backup, run: ```bash cd services/swarm/stack/authentik -./deploy.sh +./deploy.sh --restore-from-backup ``` --- @@ -108,21 +112,8 @@ cd services/swarm/stack/authentik ## Common Failures | Symptom | Cause | Fix | |---------|-------|-----| -1. Service not responding. -- Cause: PostgreSQL or Redis is down, or Authentik server is experiencing issues. -- Fix: Check the logs for any errors and restart the service if necessary. - -2. Failed login attempts. -- Cause: Incorrect credentials provided to the Authentik server. -- Fix: Check your username and password, then try again. - -3. No data available in the Redis cache. -- Cause: Redis is not properly configured or is experiencing issues. -- Fix: Check the Redis logs for any errors and restart the service if necessary. - -4. Authentik server crashes. -- Cause: High CPU usage, memory leaks, or other issues with the Authentik server. -- Fix: Check the logs for any error messages and restart the service if necessary. +- **Failed to connect to Postgres**: Insufficient Postgres credentials or connection issues. Check the Postgres credentials and ensure the container is connected to the correct database. +- **Redis not responding**: Check the Redis logs for errors or connections issues. Ensure the Redis container is running correctly. --- @@ -130,15 +121,10 @@ cd services/swarm/stack/authentik | Date | Commit | Summary | |------|--------|---------| -| 2026-05-03 | 1dfb13d2 | Initial documentation | -| 2026-05-03 | 4e88e512 | Fixed redis connection issue | -| 2026-05-01 | c3b0c0f5 | Updated authentik server to latest version | -| 2026-04-30 | 6de54336 | Improved PostgreSQL performance | -| 2026-04-30 | daa4c2c1 | Added Redis connection configuration | +| 2026-05-03 | 772a2189 | Initial documentation and build configuration | +| 2026-05-03 | 1dfb13d2 | Updated authentik stack to use the latest image tag | +| 2026-05-03 | 4e88e512 | Fixed redis logs directory path | ---- - -## Notes -- Generated by Gremlin on 2026-05-04T02:31:54.686Z -- Source: swarm/authentik.yaml -- Review User Guide and Changelog sections \ No newline at end of file +Generated by Gremlin on 2026-05-04T02:35:05.228Z +Source: swarm/authentik.yaml +Review User Guide and Changelog sections \ No newline at end of file