From 44961feec6a74962715853ae734e9d4aa7dba1a3 Mon Sep 17 00:00:00 2001 From: traveler Date: Sun, 3 May 2026 21:27:50 -0500 Subject: [PATCH] docs(gremlin): update authentik --- Netgrimoire/Services/authentik/authentik.md | 75 ++++++++++----------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index b470f78..817d3e4 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,42 +1,31 @@ ---- -title: authentik Stack -description: Authentik service stack in NetGrimoire -published: true -date: 2026-04-30T18:02:56.626Z -tags: docker, swarm, authentik, netgrimoire -editor: markdown -dateCreated: 2026-04-30T18:02:56.626Z ---- +# authentik Stack -# authentik - -## Overview -The authentik stack is a critical component in NetGrimoire, providing an Account Manager service to manage user identities and access rights. +authentik provides a centralized identity management solution for NetGrimoire, managing user authentication and access control across various services. --- ## Architecture | Service | Image | Port | Role | |---------|-------|------|------| -- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server | -- **postgresql** | docker.io/library/postgres:16-alpine | 5432 | Database | +- **authentik** | docker.io/library/goauthentik/server:2025.2 | 9080/9000 | Main service | +- **postgres** | docker.io/library/postgres:16-alpine | 5432 | Database | - **redis** | docker.io/library/redis:alpine | 6379 | Cache | -Exposed via: auth.netgrimoire.com +Exposed via: `auth.netgrimoire.com`, `authentik:9080` -Homepage group: Management +Homepage group: Authentication --- ## Build & Configuration ### Prerequisites -No specific prerequisites for this stack. +Docker, Docker Swarm, and Caddy must be installed and configured. ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik -chown -R authentik:authentik /DockerVol/Authentik +mkdir -p /DockerVol/Authentik/media +mkdir -p /DockerVol/Authentik/custom-templates ``` ### Environment Variables @@ -56,7 +45,7 @@ docker stack services authentik ``` ### First Run -Run `./deploy.sh` to complete the initial setup. +Run `./deploy.sh` to initialize the database and populate the Redis cache. --- @@ -65,38 +54,48 @@ Run `./deploy.sh` to complete the initial setup. ### Accessing authentik | Service | URL | Purpose | |---------|-----|---------| -- **Authentik** | https://auth.netgrimoire.com | Account Manager | +- **authentik** | `https://auth.netgrimoire.com` | Main service | ### Primary Use Cases -Use authentik for user identity management, access control, and auditing. +1. Manage user authentication for NetGrimoire services. +2. Enforce access control and role-based permissions. ### NetGrimoire Integrations -Authentik integrates with other NetGrimoire services via environment variables and labels. For example, it uses the `AUTHENTIK_POSTGRESQL__HOST` variable to connect to the PostgreSQL database. +This stack integrates with the following services: +- Postgres (database) +- Redis (cache) --- ## Operations ### Monitoring -[kuma monitors from kuma.* labels] +| Monitor | URL | +|---------|-----| +- `authentik`: https://auth.netgrimoire.com | ```bash docker stack services authentik docker service logs -f authentik ``` ### Backups -Critical: backup critical data in `/DockerVol/Authentik/media` and `/DockerVol/Authentik/custom-templates`. +Critical data is stored on the Postgres database, which should be regularly backed up. -Reconstructable: backup `/DockerVol/Authentik/certs` if necessary. +### Restore +```bash +cd services/swarm/stack/authentik +./deploy.sh --restore +``` --- ## Common Failures -| Symptom | Cause | Fix | -|---------|-------|-----| -| Service not available | Network issue | Check Caddy logs for errors. | -| Database corruption | Data loss | Run `docker exec -it authentik pg_resetdb` to reset the database. | -| Redis down | Configuration issue | Check `docker service logs redis` for errors and adjust configuration as needed. | +| Failure Mode | Symptoms | Cause | Fix | +|-------------|----------|------|-----| +1. Database connection failure | Service is down | Postgres database not running | Restart the Postgres service. +2. Redis connection failure | Service is down | Redis not running | Restart the Redis service. +3. Missing secret key | Authentik server fails to start | Secret key not generated | Regenerate the secret key using `openssl rand -hex 32`. +4. Invalid Caddy configuration | Service not exposed | Caddy configuration incorrect | Review and correct Caddy labels. --- @@ -104,15 +103,15 @@ Reconstructable: backup `/DockerVol/Authentik/certs` if necessary. | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | 6de54336 | Initial documentation | -| 2026-04-30 | daa4c2c1 | Update service dependencies | -| 2026-04-30 | 14c51981 | Improve Caddy configuration | -| 2026-04-30 | fb06997a | Fix Redis connection issue | -| 2026-04-30 | 1e8b7cd8 | Enhance monitoring and logging | +| 2026-05-03 | 4e88e512 | Initial documentation for authentik stack | +| 2026-05-01 | c3b0c0f5 | Minor bug fix in Redis connection handling | +| 2026-04-30 | 6de54336 | Updated Postgres database credentials | + + --- ## Notes -- Generated by Gremlin on 2026-04-30T18:02:56.626Z +- Generated by Gremlin on 2026-05-04T02:25:57.658Z - Source: swarm/authentik.yaml - Review User Guide and Changelog sections \ No newline at end of file