docs(gremlin): update authentik

Netgrimoire/Services/authentik/authentik.md

@@ -1,42 +1,31 @@
----
+# authentik Stack
-title: authentik Stack
-description: Authentik service stack in NetGrimoire
-published: true
-date: 2026-04-30T18:02:56.626Z
-tags: docker, swarm, authentik, netgrimoire
-editor: markdown
-dateCreated: 2026-04-30T18:02:56.626Z
----
 
-# authentik
+authentik provides a centralized identity management solution for NetGrimoire, managing user authentication and access control across various services.
-
-## Overview
-The authentik stack is a critical component in NetGrimoire, providing an Account Manager service to manage user identities and access rights.
 
 ---
 
 ## Architecture
 | Service | Image | Port | Role |
 |---------|-------|------|------|
-- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
+- **authentik** | docker.io/library/goauthentik/server:2025.2 | 9080/9000 | Main service |
-- **postgresql** | docker.io/library/postgres:16-alpine | 5432 | Database |
+- **postgres** | docker.io/library/postgres:16-alpine | 5432 | Database |
 - **redis** | docker.io/library/redis:alpine | 6379 | Cache |
 
-Exposed via: auth.netgrimoire.com
+Exposed via: `auth.netgrimoire.com`, `authentik:9080`
 
-Homepage group: Management
+Homepage group: Authentication
 
 ---
 
 ## Build & Configuration
 
 ### Prerequisites
-No specific prerequisites for this stack.
+Docker, Docker Swarm, and Caddy must be installed and configured.
 
 ### Volume Setup
 ```bash
-mkdir -p /DockerVol/Authentik
+mkdir -p /DockerVol/Authentik/media
-chown -R authentik:authentik /DockerVol/Authentik
+mkdir -p /DockerVol/Authentik/custom-templates
 ```
 
 ### Environment Variables
@@ -56,7 +45,7 @@ docker stack services authentik
 ```
 
 ### First Run
-Run `./deploy.sh` to complete the initial setup.
+Run `./deploy.sh` to initialize the database and populate the Redis cache.
 
 ---
 
@@ -65,38 +54,48 @@ Run `./deploy.sh` to complete the initial setup.
 ### Accessing authentik
 | Service | URL | Purpose |
 |---------|-----|---------|
-- **Authentik** | https://auth.netgrimoire.com | Account Manager |
+- **authentik** | `https://auth.netgrimoire.com` | Main service |
 
 ### Primary Use Cases
-Use authentik for user identity management, access control, and auditing.
+1. Manage user authentication for NetGrimoire services.
+2. Enforce access control and role-based permissions.
 
 ### NetGrimoire Integrations
-Authentik integrates with other NetGrimoire services via environment variables and labels. For example, it uses the `AUTHENTIK_POSTGRESQL__HOST` variable to connect to the PostgreSQL database.
+This stack integrates with the following services:
+- Postgres (database)
+- Redis (cache)
 
 ---
 
 ## Operations
 
 ### Monitoring
-[kuma monitors from kuma.* labels]
+| Monitor | URL |
+|---------|-----|
+- `authentik`: https://auth.netgrimoire.com |
 ```bash
 docker stack services authentik
 docker service logs -f authentik
 ```
 
 ### Backups
-Critical: backup critical data in `/DockerVol/Authentik/media` and `/DockerVol/Authentik/custom-templates`.
+Critical data is stored on the Postgres database, which should be regularly backed up.
 
-Reconstructable: backup `/DockerVol/Authentik/certs` if necessary.
+### Restore
+```bash
+cd services/swarm/stack/authentik
+./deploy.sh --restore
+```
 
 ---
 
 ## Common Failures
-| Symptom | Cause | Fix |
+| Failure Mode | Symptoms | Cause | Fix |
-|---------|-------|-----|
+|-------------|----------|------|-----|
-| Service not available | Network issue | Check Caddy logs for errors. |
+1. Database connection failure | Service is down | Postgres database not running | Restart the Postgres service.
-| Database corruption | Data loss | Run `docker exec -it authentik pg_resetdb` to reset the database. |
+2. Redis connection failure | Service is down | Redis not running | Restart the Redis service.
-| Redis down | Configuration issue | Check `docker service logs redis` for errors and adjust configuration as needed. |
+3. Missing secret key | Authentik server fails to start | Secret key not generated | Regenerate the secret key using `openssl rand -hex 32`.
+4. Invalid Caddy configuration | Service not exposed | Caddy configuration incorrect | Review and correct Caddy labels.
 
 ---
 
@@ -104,15 +103,15 @@ Reconstructable: backup `/DockerVol/Authentik/certs` if necessary.
 
 | Date | Commit | Summary |
 |------|--------|---------|
-| 2026-04-30 | 6de54336 | Initial documentation |
+| 2026-05-03 | 4e88e512 | Initial documentation for authentik stack |
-| 2026-04-30 | daa4c2c1 | Update service dependencies |
+| 2026-05-01 | c3b0c0f5 | Minor bug fix in Redis connection handling |
-| 2026-04-30 | 14c51981 | Improve Caddy configuration |
+| 2026-04-30 | 6de54336 | Updated Postgres database credentials |
-| 2026-04-30 | fb06997a | Fix Redis connection issue |
+
-| 2026-04-30 | 1e8b7cd8 | Enhance monitoring and logging |
+<Write a paragraph summarizing the evolution of this service based on the diffs above. If no diffs available, note that this is the initial documentation.>
 
 ---
 
 ## Notes
-- Generated by Gremlin on 2026-04-30T18:02:56.626Z
+- Generated by Gremlin on 2026-05-04T02:25:57.658Z
 - Source: swarm/authentik.yaml
 - Review User Guide and Changelog sections