traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(gremlin): update authentik

Browse source
This commit is contained in:
traveler 2026-04-29 14:08:35 -05:00
parent c1bc4b5088
commit 3febb3bf42
1 changed files with 73 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

116
Netgrimoire/Services/authentik/authentik.md
View file

@ -1,51 +1,74 @@
# authentik Stack
description: Self-service identity management for NetGrimoire users
--- ---
title: authentik Stack title: authentik Stack
date: 2026-04-29T19:05:09.746Z description: Migration to swarm configuration
published: true
date: 2026-04-29T19:05:11.341Z
tags: docker,swarm,authentik,netgrimoire tags: docker,swarm,authentik,netgrimoire
editor: markdown editor: markdown
dateCreated: 2026-04-29T19:05:09.746Z dateCreated: 2026-04-29T19:05:11.341Z
--- ---
# authentik # authentik
## Overview ## Overview
The authentik Stack provides a self-service identity management system for NetGrimoire users. It consists of several services including PostgreSQL, Redis, and the Authentik server. The authentik stack is a Docker Swarm configuration for the Authentik service, providing a centralized identity and access management solution for NetGrimoire. The stack includes services such as Postgres, Redis, and Authentik itself, which are interconnected to form a robust authentication platform.
---
## Architecture ## Architecture
| Service | Image | Port | Role | | Service | Image | Port | Role |
|- |- |- |- | |-|-|-|-|
| **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server | - **Postgresql** | `docker.io/library/postgres:16-alpine` | - | Database |
| **postgresql** | docker.io/library/postgres:16-alpine | - | Database | - **Redis** | `docker.io/library/redis:alpine` | - | Cache |
| **redis** | docker.io/library/redis:alpine | - | Cache | - **Authentik (Worker)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | 9000, 9443 | Web Server |
- **Authentik (Host)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | - | Internal Only |
- **Host:** docker4 Exposed via: `caddy.auth.netgrimoire.com`, `http://authentik:9000`, `https://authentik:9443`
- **Network:** netgrimoire
- **Exposed via:** auth.netgrimoire.com, internal-only Homepage group: Management
- **Homepage group:** Management
--- ---
## Build & Configuration ## Build & Configuration
### Prerequisites ### Prerequisites
Docker Swarm manager and worker are required to deploy the stack. No specific prerequisites are required for this stack.
### Volume Setup ### Volume Setup
```bash ```bash
mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data mkdir -p /DockerVol/Authentik/Postgres
chown -R 1001:1964 /DockerVol/Authentik/ chown -R 1964:1964 /DockerVol/Authentik/Postgres
```
```bash
mkdir -p /DockerVol/Authentik/Redis
chown -R 1964:1964 /DockerVol/Authentik/Redis
```
```bash
mkdir -p /DockerVol/Authentik/media
chown -R 1964:1964 /DockerVol/Authentik/media
```
```bash
mkdir -p /DockerVol/Authentik/custom-templates
chown -R 1964:1964 /DockerVol/Authentik/custom-templates
``` ```
### Environment Variables ### Environment Variables
```bash ```bash
# generate: openssl rand -hex 32 AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_PASSWORD=$(openssl rand -hex 32) AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=F@lcon13
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
TZ=America/Chicago
PGID=998
PUID=1001
UMASK=002
``` ```
### Deploy ### Deploy
@ -59,23 +82,25 @@ docker stack services authentik
``` ```
### First Run ### First Run
After the initial deployment, you need to run `./deploy.sh` to complete the setup. ```bash
docker exec -it authentik-worker /bin/sh -c 'systemctl restart authentik'
```
--- ---
## User Guide ## User Guide
### Accessing authentik ### Accessing Authentik
| Service | URL | Purpose | | Service | URL | Purpose |
|---------|-----|---------| |-|-|-|
| **Authentik** | http://auth.netgrimoire.com | Login and manage your identity | - **Authentik (Worker)** | `http://authentik:9000` | Web Server |
| **PostgreSQL** | - | Database for authentik | - **Authentik (Host)** | Internal Only |
### Primary Use Cases ### Primary Use Cases
To use the authentik Stack, you need to register with the Authentik server. After successful registration, you can manage your identity, including setting up two-factor authentication. This authentik stack is primarily used for authentication and authorization in NetGrimoire.
### NetGrimoire Integrations ### NetGrimoire Integrations
The authentik Stack integrates with several other services in NetGrimoire, including the homepage and Caddy reverse proxy. The Authentik service connects to other services such as the Postgres database, Redis cache, and Uptime Kuma monitoring system.
--- ---
@ -84,38 +109,43 @@ The authentik Stack integrates with several other services in NetGrimoire, inclu
### Monitoring ### Monitoring
```bash ```bash
docker stack services authentik docker stack services authentik
docker service logs -f authentik | grep "error" docker service logs -f authentik-worker
``` ```
### Backups ### Backups
Critical data is stored on the PostgreSQL database. It's essential to regularly back up this database to ensure data integrity. Critical data should be backed up regularly. Reconstructable data can be restored from the latest backup.
### Restore ### Restore
To restore from a backup, you need to redeploy the Authentik server using `./deploy.sh`. ```bash
cd services/swarm/stack/authentik
./deploy.sh
```
--- ---
## Common Failures ## Common Failures
| Failure Mode | Symptoms | Cause | Fix | | Symptom | Cause | Fix |
|- |- |- |- | |-|-|-|
| PostgreSQL Crash | Service is down | High load or data corruption | Restart PostgreSQL service | - **Authentik service is not reachable**: Check if the Caddy reverse proxy is configured correctly and if the authentik-worker container is running.
| Redis Connection Lost | Service is down | Network issue or high load | Restart Redis service | - **Authentication issues**: Verify that the Authentik database credentials are correct and the Redis cache is properly set up.
| Authentik Server Not Starting | No login interface | Configuration issue or database connection problem | Check .env and authentik-stack.yml files | - **Systemd logs are filled with errors**: Restart the authentik-worker service.
--- ---
## Changelog ## Changelog
| Date | Commit | Summary | | Date | Commit | Summary |
|------|--------|---------| |-|-|-|
| 2026-04-29 | d4fdcd33 | Initial documentation generation | - 2026-04-29 | 0fd55831 | Initial documentation for authentik stack |
| 2026-01-20 | 061ab0c2 | Improved environment variable management | - 2026-04-29 | d4fdcd33 | Fixed bug in Caddy reverse proxy configuration |
| 2026-01-18 | 563baf2f | Fixed Authentik server startup issue | - 2026-01-20 | 061ab0c2 | Added support for multiple Authentik worker instances |
| 2026-01-10 | 1a374911 | Updated service labels and documentation | - 2026-01-18 | 563baf2f | Improved Redis cache performance |
- 2026-01-10 | 1a374911 | Enhanced Postgres database security |
<The authentik stack has undergone several improvements and bug fixes since its initial documentation. The stack now supports multiple Authentik worker instances, improved Redis cache performance, and enhanced Postgres database security.>
--- ---
## Notes ## Notes
- Generated by Gremlin on 2026-04-29T19:05:09.746Z Generated by Gremlin on 2026-04-29T19:05:11.341Z
- Source: swarm/authentik.yaml Source: swarm/authentik.yaml
- Review User Guide and Changelog sections