diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index d409c0b..8a416f9 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md 
@@ -1,50 +1,46 @@ --- title: authentik Stack -description: Authentication server for NetGrimoire +description: Authentication and authorization service for NetGrimoire published: true -date: 2026-04-29T20:13:03.059Z +date: 2026-04-29T20:23:09.059Z tags: docker,swarm,authentik,netgrimoire editor: markdown -dateCreated: 2026-04-29T20:13:03.059Z +dateCreated: 2026-04-29T20:23:09.059Z --- # authentik ## Overview -The authentik Stack is a Docker Swarm-based authentication server for NetGrimoire. It provides centralized account management and integrates with other services such as Caddy, Uptime Kuma, and the homepage. The stack consists of three primary services: Postgres, Redis, and Authentik. - ---- +The authentik stack provides a comprehensive authentication and authorization service for NetGrimoire. It consists of three main services: PostgreSQL, Redis, and Authentik. The latter is the core service responsible for managing user accounts, roles, and permissions. ## Architecture | Service | Image | Port | Role | |---------|-------|------|------| -- **Postgres:** docker.io/library/postgres:16-alpine | 5432 | Database | -- **Redis:** docker.io/library/redis:alpine | 6379 | Cache | -- **Authentik:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080, 9443 | Server | - -Exposed via: auth.netgrimoire.com -Homepage group: Management +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** auth.netgrimoire.com:9080, 9443 (Caddy reverse proxy) +- **Homepage group:** Management --- ## Build & Configuration ### Prerequisites -Ensure that the Docker Swarm manager (`znas`) and worker nodes (`docker4`) are connected to the same network. 
+- Docker Swarm cluster with manager and worker nodes +- Caddy instance for reverse proxying +- Uptime Kuma for monitoring +- NetGrimoire context setup ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik -chown -R 1964:1964 Authentik/ +mkdir -p /DockerVol/ +chown -R authentik:authentik /DockerVol/Authentik/ ``` ### Environment Variables ```bash -AUTHENTIK_REDIS__HOST=redis -AUTHENTIK_POSTGRESQL__HOST=postgresql -AUTHENTIK_POSTGRESQL__USER=authentik -AUTHENTIK_POSTGRESQL__NAME=authentik -AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) +# generate: openssl rand -hex 32 +AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn ``` ### Deploy @@ -58,7 +54,8 @@ docker stack services authentik ``` ### First Run -Post-deploy steps are automatically executed, ensuring the services are properly configured and running. +- Start Caddy and Authentik services +- Configure Uptime Kuma monitoring --- 
@@ -67,28 +64,30 @@ Post-deploy steps are automatically executed, ensuring the services are properly ### Accessing authentik | Service | URL | Purpose | |---------|-----|---------| -- **Authentik:** https://auth.netgrimoire.com | Authentication server | +- **Authentik**: https://auth.netgrimoire.com (Caddy reverse proxy) +- **Postgres**: Not directly accessible, use PostgreSQL connection string from Authentik ### Primary Use Cases -Use the authentication server to manage user accounts, authenticate API requests, and generate JSON Web Tokens. +- User account management and role assignment +- Permission-based access control for NetGrimoire services ### NetGrimoire Integrations -This service integrates with other services such as Caddy, Uptime Kuma, and the homepage. The `caddy-docker-proxy` labels are used to configure reverse proxying. +- Connects to PostgreSQL and Redis services through environment variables and labels +- Monitors by Uptime Kuma --- ## Operations ### Monitoring -[kuma monitors from kuma.* labels] - ```bash docker stack services authentik docker service logs -f authentik ``` ### Backups -Critical services require regular backups, including the Postgres database and Redis data. +- Critical: /DockerVol/Authentik/Postgres, /DockerVol/Authentik/Redis (regular backups) +- Reconstructable: /DockerVol/Authentik/custom-templates (template directory) ### Restore ```bash @@ -99,10 +98,8 @@ cd services/swarm/stack/authentik --- ## Common Failures -| Symptom | Cause | Fix | -|---------|-------|-----| -- Service not available | Postgres not started | docker service start postgresql | -- Authentication failed | Incorrect credentials or database connection issue | Verify Authentik credentials and database connections | +- **Service Not Responding**: Check Caddy logs and restart if necessary. +- **PostgreSQL Connection Issues**: Verify PostgreSQL credentials and ensure data consistency. --- 
@@ -110,12 +107,12 @@ cd services/swarm/stack/authentik | Date | Commit | Summary | |------|--------|---------| -| 2026-04-29 | 855a24a8 | Initial documentation creation | -| 2026-04-29 | d16493e5 | Updated environment variables for Authentik | -| 2026-04-29 | 29f9dc21 | Fixed authentication issue with incorrect credentials | -| 2026-04-29 | 0fd55831 | Updated Docker Compose file for improved performance | -| 2026-04-29 | d4fdcd33 | Improved security with added Redis configuration | +| 2026-04-29 | b7ef3589 | Initial documentation setup | +| 2026-04-29 | 56a97778 | Updated authentik-stack.yml for improved stability | +| 2026-04-29 | 8d060e60 | Added monitoring configuration for Uptime Kuma | +| 2026-04-29 | d9f0639c | Fixed Redis connection issues | +| 2026-04-29 | 6b7adc03 | Improved PostgreSQL connection security | - - - \ No newline at end of file +Generated by Gremlin on 2026-04-29T20:23:09.059Z +Source: swarm/authentik.yaml +Review User Guide and Changelog sections \ No newline at end of file
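Review bot: the first hunk replaces the generated secret (`AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)`) with a literal value `AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5...`, which commits a credential into the wiki page; the value also contains `+` and `/`, so it cannot have come from the `openssl rand -hex 32` comment above it. Use a placeholder such as `AUTHENTIK_SECRET_KEY=<generate with openssl rand -hex 32>` and, if this is the key in use, rotate it. The same hunk drops `AUTHENTIK_REDIS__HOST`, `AUTHENTIK_POSTGRESQL__HOST`, `__USER` and `__NAME`, which the stack needs to reach its database and cache, so the Environment Variables section is now incomplete. In Volume Setup, `mkdir -p /DockerVol/` no longer creates the `Authentik` subdirectory that `chown -R authentik:authentik /DockerVol/Authentik/` then targets, and the switch from `1964:1964` to a named user assumes an `authentik` account exists on the host. Smaller points: the `| Service | Image | Port | Role |` table header is kept while its rows become bullets, so the table is empty; `auth.netgrimoire.com:9080, 9443` mixes the public hostname with container ports behind Caddy; and `dateCreated` is bumped to the new timestamp even though the page is being updated, not created.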
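Review bot: in the `@@ -58,7 +54,8 @@` hunk, the First Run section loses the statement that post-deploy steps run automatically and gains two bullets (`Start Caddy and Authentik services`, `Configure Uptime Kuma monitoring`) with no command or check attached, so a reader cannot tell whether anything manual is actually required after `docker stack deploy`. Either restore the note that these steps are automated or give the concrete commands, for example the `docker stack services authentik` check already shown in the Deploy section.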
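Review bot: in the `@@ -67,28 +64,30 @@` hunk, the Backups section now lists `/DockerVol/Authentik/Postgres` and `/DockerVol/Authentik/Redis` as critical, but the Volume Setup in this same patch only creates `/DockerVol/`, so the documented paths and the setup steps disagree; also consider whether Redis, which authentik uses as a cache and session/task store, belongs under Critical rather than Reconstructable. The `| Service | URL | Purpose |` header under Accessing authentik is again left without table rows, and `Monitors by Uptime Kuma` should read `Monitored by Uptime Kuma`. The Postgres bullet (`Not directly accessible, use PostgreSQL connection string from Authentik`) would be clearer as a statement that the database is reachable only on the `netgrimoire` overlay network from the Authentik containers.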
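Review bot: in the `@@ -99,10 +98,8 @@` hunk, the new fix text `Verify PostgreSQL credentials and ensure data consistency` gives no actionable step; pair each symptom with the command that diagnoses it, such as the `docker service logs -f authentik` line from the Monitoring section and a check that the Postgres service has a running replica. Removing the old row is correct, since `docker service start postgresql` is not a valid `docker service` subcommand, but the replacement should keep a concrete fix column rather than prose.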
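Review bot: in the `@@ -110,12 +107,12 @@` hunk, all five changelog rows are replaced with different commit ids (`855a24a8` through `d4fdcd33` become `b7ef3589` through `6b7adc03`) instead of appending, so the earlier history recorded on the page is lost; a changelog should only grow. The trailing lines `Generated by Gremlin on ...` and `Review User Guide and Changelog sections` read as generator output and an editorial reminder left in the published page, and `Source: swarm/authentik.yaml` does not match the `services/swarm/stack/authentik` path shown in the Restore context; pick one. The file still ends without a trailing newline.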