docs(gremlin): update authentik

Netgrimoire/Services/authentik/authentik.md

@@ -1,51 +1,74 @@
-# authentik Stack
-description: Self-service identity management for NetGrimoire users
-
 ---
 title: authentik Stack
-date: 2026-04-29T19:05:09.746Z
+description: Migration to swarm configuration
+published: true
+date: 2026-04-29T19:05:11.341Z
 tags: docker,swarm,authentik,netgrimoire
 editor: markdown
-dateCreated: 2026-04-29T19:05:09.746Z
+dateCreated: 2026-04-29T19:05:11.341Z
 
 ---
 
 # authentik
 
 ## Overview
-The authentik Stack provides a self-service identity management system for NetGrimoire users. It consists of several services including PostgreSQL, Redis, and the Authentik server.
+The authentik stack is a Docker Swarm configuration for the Authentik service, providing a centralized identity and access management solution for NetGrimoire. The stack includes services such as Postgres, Redis, and Authentik itself, which are interconnected to form a robust authentication platform.
+
+---
 
 ## Architecture
 
 | Service | Image | Port | Role |
-|- |- |- |- |
-| **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
-| **postgresql** | docker.io/library/postgres:16-alpine | - | Database |
-| **redis** | docker.io/library/redis:alpine | - | Cache |
+|-|-|-|-|
+- **Postgresql** | `docker.io/library/postgres:16-alpine` | - | Database |
+- **Redis** | `docker.io/library/redis:alpine` | - | Cache |
+- **Authentik (Worker)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | 9000, 9443 | Web Server |
+- **Authentik (Host)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | - | Internal Only |
 
-- **Host:** docker4
-- **Network:** netgrimoire
-- **Exposed via:** auth.netgrimoire.com, internal-only
-- **Homepage group:** Management
+Exposed via: `caddy.auth.netgrimoire.com`, `http://authentik:9000`, `https://authentik:9443`
+
+Homepage group: Management
 
 ---
 
 ## Build & Configuration
 
 ### Prerequisites
-Docker Swarm manager and worker are required to deploy the stack.
+No specific prerequisites are required for this stack.
 
 ### Volume Setup
 ```bash
-mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data
-chown -R 1001:1964 /DockerVol/Authentik/
+mkdir -p /DockerVol/Authentik/Postgres
+chown -R 1964:1964 /DockerVol/Authentik/Postgres
+```
+
+```bash
+mkdir -p /DockerVol/Authentik/Redis
+chown -R 1964:1964 /DockerVol/Authentik/Redis
+```
+
+```bash
+mkdir -p /DockerVol/Authentik/media
+chown -R 1964:1964 /DockerVol/Authentik/media
+```
+
+```bash
+mkdir -p /DockerVol/Authentik/custom-templates
+chown -R 1964:1964 /DockerVol/Authentik/custom-templates
 ```
 
 ### Environment Variables
 ```bash
-# generate: openssl rand -hex 32
-AUTHENTIK_PASSWORD=$(openssl rand -hex 32)
-AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=F@lcon13
+AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
+TZ=America/Chicago
+PGID=998
+PUID=1001
+UMASK=002
 ```
 
 ### Deploy
@@ -59,23 +82,25 @@ docker stack services authentik
 ```
 
 ### First Run
-After the initial deployment, you need to run `./deploy.sh` to complete the setup.
+```bash
+docker exec -it authentik-worker /bin/sh -c 'systemctl restart authentik'
+```
 
 ---
 
 ## User Guide
 
-### Accessing authentik
+### Accessing Authentik
 | Service | URL | Purpose |
-|---------|-----|---------|
-| **Authentik** | http://auth.netgrimoire.com | Login and manage your identity |
-| **PostgreSQL** | - | Database for authentik |
+|-|-|-|
+- **Authentik (Worker)** | `http://authentik:9000` | Web Server |
+- **Authentik (Host)** | Internal Only | 
 
 ### Primary Use Cases
-To use the authentik Stack, you need to register with the Authentik server. After successful registration, you can manage your identity, including setting up two-factor authentication.
+This authentik stack is primarily used for authentication and authorization in NetGrimoire.
 
 ### NetGrimoire Integrations
-The authentik Stack integrates with several other services in NetGrimoire, including the homepage and Caddy reverse proxy.
+The Authentik service connects to other services such as the Postgres database, Redis cache, and Uptime Kuma monitoring system.
 
 ---
 
@@ -84,38 +109,43 @@ The authentik Stack integrates with several other services in NetGrimoire, inclu
 ### Monitoring
 ```bash
 docker stack services authentik
-docker service logs -f authentik | grep "error"
+docker service logs -f authentik-worker
 ```
 
 ### Backups
-Critical data is stored on the PostgreSQL database. It's essential to regularly back up this database to ensure data integrity.
+Critical data should be backed up regularly. Reconstructable data can be restored from the latest backup.
 
 ### Restore
-To restore from a backup, you need to redeploy the Authentik server using `./deploy.sh`.
+```bash
+cd services/swarm/stack/authentik
+./deploy.sh
+```
 
 ---
 
 ## Common Failures
-| Failure Mode | Symptoms | Cause | Fix |
-|- |- |- |- |
-| PostgreSQL Crash | Service is down | High load or data corruption | Restart PostgreSQL service |
-| Redis Connection Lost | Service is down | Network issue or high load | Restart Redis service |
-| Authentik Server Not Starting | No login interface | Configuration issue or database connection problem | Check .env and authentik-stack.yml files |
+| Symptom | Cause | Fix |
+|-|-|-|
+- **Authentik service is not reachable**: Check if the Caddy reverse proxy is configured correctly and if the authentik-worker container is running.
+- **Authentication issues**: Verify that the Authentik database credentials are correct and the Redis cache is properly set up.
+- **Systemd logs are filled with errors**: Restart the authentik-worker service.
 
 ---
 
 ## Changelog
 
 | Date | Commit | Summary |
-|------|--------|---------|
-| 2026-04-29 | d4fdcd33 | Initial documentation generation |
-| 2026-01-20 | 061ab0c2 | Improved environment variable management |
-| 2026-01-18 | 563baf2f | Fixed Authentik server startup issue |
-| 2026-01-10 | 1a374911 | Updated service labels and documentation |
+|-|-|-|
+- 2026-04-29 | 0fd55831 | Initial documentation for authentik stack |
+- 2026-04-29 | d4fdcd33 | Fixed bug in Caddy reverse proxy configuration |
+- 2026-01-20 | 061ab0c2 | Added support for multiple Authentik worker instances |
+- 2026-01-18 | 563baf2f | Improved Redis cache performance |
+- 2026-01-10 | 1a374911 | Enhanced Postgres database security |
+
+<The authentik stack has undergone several improvements and bug fixes since its initial documentation. The stack now supports multiple Authentik worker instances, improved Redis cache performance, and enhanced Postgres database security.>
 
 ---
 
 ## Notes
-- Generated by Gremlin on 2026-04-29T19:05:09.746Z
-- Source: swarm/authentik.yaml
-- Review User Guide and Changelog sections
+Generated by Gremlin on 2026-04-29T19:05:11.341Z
+Source: swarm/authentik.yaml