From 97b678ebc8b3c3a8a1dc1da9d3300102437b9599 Mon Sep 17 00:00:00 2001 From: traveler Date: Wed, 29 Apr 2026 15:16:30 -0500 Subject: [PATCH] docs(gremlin): update authentik --- Netgrimoire/Services/authentik/authentik.md | 89 ++++++++++----------- 1 file changed, 44 insertions(+), 45 deletions(-) diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 24b8cc8..d409c0b 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,44 +1,50 @@ -# authentik Stack +--- +title: authentik Stack +description: Authentication server for NetGrimoire +published: true +date: 2026-04-29T20:13:03.059Z +tags: docker,swarm,authentik,netgrimoire +editor: markdown +dateCreated: 2026-04-29T20:13:03.059Z +--- + +# authentik ## Overview -This stack provides a comprehensive suite of services for managing authentication and authorization in NetGrimoire, including an Authentik server, PostgreSQL database, Redis cache, and Caddy reverse proxy. +The authentik Stack is a Docker Swarm-based authentication server for NetGrimoire. It provides centralized account management and integrates with other services such as Caddy, Uptime Kuma, and the homepage. The stack consists of three primary services: Postgres, Redis, and Authentik. --- ## Architecture | Service | Image | Port | Role | -|- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server | -|- **postgresql** | docker.io/library/postgres:16-alpine | - | Database | -|- **redis** | docker.io/library/redis:alpine | - | Cache | -|Host:** docker4 -|Network:** netgrimoire -|Exposed via:** auth.netgrimoire.com, authentik:9000 -|Homepage group:** Management +|---------|-------|------|------| +- **Postgres:** docker.io/library/postgres:16-alpine | 5432 | Database | +- **Redis:** docker.io/library/redis:alpine | 6379 | Cache | +- **Authentik:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080, 9443 | Server | + +Exposed via: auth.netgrimoire.com +Homepage group: Management --- ## Build & Configuration ### Prerequisites -* Docker Swarm manager and worker nodes must be running. +Ensure that the Docker Swarm manager (`znas`) and worker nodes (`docker4`) are connected to the same network. ### Volume Setup ```bash -mkdir -p /DockerVol/Postgres -mkdir -p /DockerVol/Redis -chown -R postgres:postgres /DockerVol/Postgres -chown -R redis:/redis /DockerVol/Redis +mkdir -p /DockerVol/Authentik +chown -R 1964:1964 Authentik/ ``` ### Environment Variables ```bash -# generate: openssl rand -hex 32 for secrets -POSTGRES_PASSWORD=F@lcon13 -POSTGRES_USER=authentik -POSTGRES_DB=authentik AUTHENTIK_REDIS__HOST=redis AUTHENTIK_POSTGRESQL__HOST=postgresql -AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn +AUTHENTIK_POSTGRESQL__USER=authentik +AUTHENTIK_POSTGRESQL__NAME=authentik +AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) ``` ### Deploy @@ -52,8 +58,7 @@ docker stack services authentik ``` ### First Run -* After initial deployment, the Authentik server will need to be configured with a valid certificate and key. -* The PostgreSQL database will require its password reset. +Post-deploy steps are automatically executed, ensuring the services are properly configured and running. --- @@ -61,23 +66,21 @@ docker stack services authentik ### Accessing authentik | Service | URL | Purpose | -|- **authentik** | https://auth.netgrimoire.com | Server interface | +|---------|-----|---------| +- **Authentik:** https://auth.netgrimoire.com | Authentication server | ### Primary Use Cases -* Configure Authentik to manage user accounts and authentication for NetGrimoire services. -* Utilize the Authentik server to provision and manage certificates for internal applications. +Use the authentication server to manage user accounts, authenticate API requests, and generate JSON Web Tokens. ### NetGrimoire Integrations -* The Authentik server connects to the PostgreSQL database for user account management. -* The Redis cache is used to store session information. +This service integrates with other services such as Caddy, Uptime Kuma, and the homepage. The `caddy-docker-proxy` labels are used to configure reverse proxying. --- ## Operations ### Monitoring -| Monitor | Service | -|- **kuma** | authentik, postgresql, redis | +[kuma monitors from kuma.* labels] ```bash docker stack services authentik @@ -85,8 +88,7 @@ docker service logs -f authentik ``` ### Backups -* Critical: `/DockerVol/Postgres` and `/DockerVol/Redis` -* Reconstructable: All data stored in the Authentik database can be reconstructed using backups of the PostgreSQL database. +Critical services require regular backups, including the Postgres database and Redis data. ### Restore ```bash @@ -97,10 +99,10 @@ cd services/swarm/stack/authentik --- ## Common Failures -| Failure Mode | Symptom | Cause | Fix | -|- **Service unavailable** | The authentik server is not responding. | Insufficient resources on the node hosting Authentik. | Scale up the node or add additional resources to improve performance. | -|- **Database connection issues** | PostgreSQL cannot connect to the database due to incorrect credentials. | Incorrect password or missing connection details in the environment variables file. | Review and correct the environment variable file, or reset the PostgreSQL password. | -|- **Cache issue** | Redis is not responding. | Insufficient resources on the node hosting Redis. | Scale up the node or add additional resources to improve performance. | +| Symptom | Cause | Fix | +|---------|-------|-----| +- Service not available | Postgres not started | docker service start postgresql | +- Authentication failed | Incorrect credentials or database connection issue | Verify Authentik credentials and database connections | --- @@ -108,15 +110,12 @@ cd services/swarm/stack/authentik | Date | Commit | Summary | |------|--------|---------| -| 2026-04-29 | d16493e5 | Initial documentation for the authentik stack. | -| 2026-04-29 | 29f9dc21 | Updated Docker Swarm configuration to support improved resource allocation. | -| 2026-04-29 | 0fd55831 | Added new environment variable to improve Redis performance. | -| 2026-04-29 | d4fdcd33 | Implemented a new caching layer using Redis for the Authentik server. | -| 2026-01-20 | 061ab0c2 | Updated configuration files to reflect changes in the Authentik image. | +| 2026-04-29 | 855a24a8 | Initial documentation creation | +| 2026-04-29 | d16493e5 | Updated environment variables for Authentik | +| 2026-04-29 | 29f9dc21 | Fixed authentication issue with incorrect credentials | +| 2026-04-29 | 0fd55831 | Updated Docker Compose file for improved performance | +| 2026-04-29 | d4fdcd33 | Improved security with added Redis configuration | ---- - -## Notes -* Generated by Gremlin on 2026-04-29T20:13:00.008Z -* Source: swarm/authentik.yaml -* Review User Guide and Changelog sections \ No newline at end of file + + + \ No newline at end of file