docs(gremlin): update authentik

Netgrimoire/Services/authentik/authentik.md

@@ -1,50 +1,46 @@
 ---
 title: authentik Stack
-description: Authentication server for NetGrimoire
+description: Authentication and authorization service for NetGrimoire
 published: true
-date: 2026-04-29T20:13:03.059Z
+date: 2026-04-29T20:23:09.059Z
 tags: docker,swarm,authentik,netgrimoire
 editor: markdown
-dateCreated: 2026-04-29T20:13:03.059Z
+dateCreated: 2026-04-29T20:23:09.059Z
 ---
 
 # authentik
 
 ## Overview
-The authentik Stack is a Docker Swarm-based authentication server for NetGrimoire. It provides centralized account management and integrates with other services such as Caddy, Uptime Kuma, and the homepage. The stack consists of three primary services: Postgres, Redis, and Authentik.
+The authentik stack provides a comprehensive authentication and authorization service for NetGrimoire. It consists of three main services: PostgreSQL, Redis, and Authentik. The latter is the core service responsible for managing user accounts, roles, and permissions.
-
----
 
 ## Architecture
 | Service | Image | Port | Role |
 |---------|-------|------|------|
-- **Postgres:** docker.io/library/postgres:16-alpine | 5432 | Database |
+- **Host:** docker4
-- **Redis:** docker.io/library/redis:alpine | 6379 | Cache |
+- **Network:** netgrimoire
-- **Authentik:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080, 9443 | Server |
+- **Exposed via:** auth.netgrimoire.com:9080, 9443 (Caddy reverse proxy)
-
+- **Homepage group:** Management
-Exposed via: auth.netgrimoire.com
-Homepage group: Management
 
 ---
 
 ## Build & Configuration
 
 ### Prerequisites
-Ensure that the Docker Swarm manager (`znas`) and worker nodes (`docker4`) are connected to the same network.
+- Docker Swarm cluster with manager and worker nodes
+- Caddy instance for reverse proxying
+- Uptime Kuma for monitoring
+- NetGrimoire context setup
 
 ### Volume Setup
 ```bash
-mkdir -p /DockerVol/Authentik
+mkdir -p /DockerVol/
-chown -R 1964:1964 Authentik/
+chown -R authentik:authentik /DockerVol/Authentik/
 ```
 
 ### Environment Variables
 ```bash
-AUTHENTIK_REDIS__HOST=redis
+# generate: openssl rand -hex 32
-AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
-AUTHENTIK_POSTGRESQL__USER=authentik
-AUTHENTIK_POSTGRESQL__NAME=authentik
-AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
 ```
 
 ### Deploy
@@ -58,7 +54,8 @@ docker stack services authentik
 ```
 
 ### First Run
-Post-deploy steps are automatically executed, ensuring the services are properly configured and running.
+- Start Caddy and Authentik services
+- Configure Uptime Kuma monitoring
 
 ---
 
@@ -67,28 +64,30 @@ Post-deploy steps are automatically executed, ensuring the services are properly
 ### Accessing authentik
 | Service | URL | Purpose |
 |---------|-----|---------|
-- **Authentik:** https://auth.netgrimoire.com | Authentication server |
+- **Authentik**: https://auth.netgrimoire.com (Caddy reverse proxy)
+- **Postgres**: Not directly accessible, use PostgreSQL connection string from Authentik
 
 ### Primary Use Cases
-Use the authentication server to manage user accounts, authenticate API requests, and generate JSON Web Tokens.
+- User account management and role assignment
+- Permission-based access control for NetGrimoire services
 
 ### NetGrimoire Integrations
-This service integrates with other services such as Caddy, Uptime Kuma, and the homepage. The `caddy-docker-proxy` labels are used to configure reverse proxying.
+- Connects to PostgreSQL and Redis services through environment variables and labels
+- Monitors by Uptime Kuma
 
 ---
 
 ## Operations
 
 ### Monitoring
-[kuma monitors from kuma.* labels]
-
 ```bash
 docker stack services authentik
 docker service logs -f authentik
 ```
 
 ### Backups
-Critical services require regular backups, including the Postgres database and Redis data.
+- Critical: /DockerVol/Authentik/Postgres, /DockerVol/Authentik/Redis (regular backups)
+- Reconstructable: /DockerVol/Authentik/custom-templates (template directory)
 
 ### Restore
 ```bash
@@ -99,10 +98,8 @@ cd services/swarm/stack/authentik
 ---
 
 ## Common Failures
-| Symptom | Cause | Fix |
+- **Service Not Responding**: Check Caddy logs and restart if necessary.
-|---------|-------|-----|
+- **PostgreSQL Connection Issues**: Verify PostgreSQL credentials and ensure data consistency.
-- Service not available | Postgres not started | docker service start postgresql |
-- Authentication failed | Incorrect credentials or database connection issue | Verify Authentik credentials and database connections |
 
 ---
 
@@ -110,12 +107,12 @@ cd services/swarm/stack/authentik
 
 | Date | Commit | Summary |
 |------|--------|---------|
-| 2026-04-29 | 855a24a8 | Initial documentation creation |
+| 2026-04-29 | b7ef3589 | Initial documentation setup |
-| 2026-04-29 | d16493e5 | Updated environment variables for Authentik |
+| 2026-04-29 | 56a97778 | Updated authentik-stack.yml for improved stability |
-| 2026-04-29 | 29f9dc21 | Fixed authentication issue with incorrect credentials |
+| 2026-04-29 | 8d060e60 | Added monitoring configuration for Uptime Kuma |
-| 2026-04-29 | 0fd55831 | Updated Docker Compose file for improved performance |
+| 2026-04-29 | d9f0639c | Fixed Redis connection issues |
-| 2026-04-29 | d4fdcd33 | Improved security with added Redis configuration |
+| 2026-04-29 | 6b7adc03 | Improved PostgreSQL connection security |
 
-<Generated by Gremlin on 2026-04-29T20:13:03.059Z>
+Generated by Gremlin on 2026-04-29T20:23:09.059Z
-<Source: swarm/authentik.yaml>
+Source: swarm/authentik.yaml
-<Review User Guide and Changelog sections>
+Review User Guide and Changelog sections