docs(gremlin): update authentik

This commit is contained in:
traveler 2026-04-29 15:16:30 -05:00
parent b926e852d7
commit 97b678ebc8


@ -1,44 +1,50 @@
# authentik Stack ---
title: authentik Stack
description: Authentication server for NetGrimoire
published: true
date: 2026-04-29T20:13:03.059Z
tags: docker,swarm,authentik,netgrimoire
editor: markdown
dateCreated: 2026-04-29T20:13:03.059Z
---
# authentik
## Overview ## Overview
This stack provides a comprehensive suite of services for managing authentication and authorization in NetGrimoire, including an Authentik server, PostgreSQL database, Redis cache, and Caddy reverse proxy. The authentik Stack is a Docker Swarm-based authentication server for NetGrimoire. It provides centralized account management and integrates with other services such as Caddy, Uptime Kuma, and the homepage. The stack consists of three primary services: Postgres, Redis, and Authentik.
--- ---
## Architecture ## Architecture
| Service | Image | Port | Role | | Service | Image | Port | Role |
|- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server | |---------|-------|------|------|
|- **postgresql** | docker.io/library/postgres:16-alpine | - | Database | - **Postgres:** docker.io/library/postgres:16-alpine | 5432 | Database |
|- **redis** | docker.io/library/redis:alpine | - | Cache | - **Redis:** docker.io/library/redis:alpine | 6379 | Cache |
|Host:** docker4 - **Authentik:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080, 9443 | Server |
|Network:** netgrimoire
|Exposed via:** auth.netgrimoire.com, authentik:9000 Exposed via: auth.netgrimoire.com
|Homepage group:** Management Homepage group: Management
--- ---
## Build & Configuration ## Build & Configuration
### Prerequisites ### Prerequisites
* Docker Swarm manager and worker nodes must be running. Ensure that the Docker Swarm manager (`znas`) and worker nodes (`docker4`) are connected to the same network.
### Volume Setup ### Volume Setup
```bash ```bash
mkdir -p /DockerVol/Postgres mkdir -p /DockerVol/Authentik
mkdir -p /DockerVol/Redis chown -R 1964:1964 Authentik/
chown -R postgres:postgres /DockerVol/Postgres
chown -R redis:/redis /DockerVol/Redis
``` ```
### Environment Variables ### Environment Variables
```bash ```bash
# generate: openssl rand -hex 32 for secrets
POSTGRES_PASSWORD=F@lcon13
POSTGRES_USER=authentik
POSTGRES_DB=authentik
AUTHENTIK_REDIS__HOST=redis AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgresql AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
``` ```
### Deploy ### Deploy
@ -52,8 +58,7 @@ docker stack services authentik
``` ```
### First Run ### First Run
* After initial deployment, the Authentik server will need to be configured with a valid certificate and key. Post-deploy steps are automatically executed, ensuring the services are properly configured and running.
* The PostgreSQL database will require its password reset.
--- ---
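Review bot: the new First Run sentence ("Post-deploy steps are automatically executed, ensuring the services are properly configured and running") replaces two concrete steps with a claim an operator can neither act on nor verify; list the actual post-deploy steps (which script or command runs them and how to confirm they succeeded) or drop the sentence. The removed items deserve a word too: if the certificate step went away because Caddy terminates TLS for `auth.netgrimoire.com`, say so, and if the Postgres password reset is no longer needed because the password is now set at deploy time, say that as well, otherwise a reader of the history will assume the steps were forgotten.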
@ -61,23 +66,21 @@ docker stack services authentik
### Accessing authentik ### Accessing authentik
| Service | URL | Purpose | | Service | URL | Purpose |
|- **authentik** | https://auth.netgrimoire.com | Server interface | |---------|-----|---------|
- **Authentik:** https://auth.netgrimoire.com | Authentication server |
### Primary Use Cases ### Primary Use Cases
* Configure Authentik to manage user accounts and authentication for NetGrimoire services. Use the authentication server to manage user accounts, authenticate API requests, and generate JSON Web Tokens.
* Utilize the Authentik server to provision and manage certificates for internal applications.
### NetGrimoire Integrations ### NetGrimoire Integrations
* The Authentik server connects to the PostgreSQL database for user account management. This service integrates with other services such as Caddy, Uptime Kuma, and the homepage. The `caddy-docker-proxy` labels are used to configure reverse proxying.
* The Redis cache is used to store session information.
--- ---
## Operations ## Operations
### Monitoring ### Monitoring
| Monitor | Service | [kuma monitors from kuma.* labels]
|- **kuma** | authentik, postgresql, redis |
```bash ```bash
docker stack services authentik docker stack services authentik
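Review bot: `[kuma monitors from kuma.* labels]` in Monitoring is an unfilled template placeholder that replaced the old monitor table; either list the Uptime Kuma monitors the stack's `kuma.*` labels define (the old version named authentik, postgresql and redis) or remove the line. In Primary Use Cases, "generate JSON Web Tokens" is new and nothing else on the page supports it, while the old certificate-provisioning use case disappears without explanation; keep the use cases to what the stack is actually configured for. The Accessing table has the same layout problem as Architecture: its data row starts with `- **Authentik:**` and renders as a bullet, not a row under `|---------|-----|---------|`.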
@ -85,8 +88,7 @@ docker service logs -f authentik
``` ```
### Backups ### Backups
* Critical: `/DockerVol/Postgres` and `/DockerVol/Redis` Critical services require regular backups, including the Postgres database and Redis data.
* Reconstructable: All data stored in the Authentik database can be reconstructed using backups of the PostgreSQL database.
### Restore ### Restore
```bash ```bash
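Review bot: "Critical services require regular backups, including the Postgres database and Redis data" drops the concrete paths (`/DockerVol/Postgres`, `/DockerVol/Redis`) a restore depends on, and it no longer matches Volume Setup, which in this commit only creates `/DockerVol/Authentik`; state which volumes or paths are backed up and how. Keep the old distinction between critical and reconstructable data as well: the old Integrations text describes Redis as a session cache, so listing it as requiring backups alongside Postgres overstates it, while the Postgres data is the part that cannot be rebuilt.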
@ -97,10 +99,10 @@ cd services/swarm/stack/authentik
--- ---
## Common Failures ## Common Failures
| Failure Mode | Symptom | Cause | Fix | | Symptom | Cause | Fix |
|- **Service unavailable** | The authentik server is not responding. | Insufficient resources on the node hosting Authentik. | Scale up the node or add additional resources to improve performance. | |---------|-------|-----|
|- **Database connection issues** | PostgreSQL cannot connect to the database due to incorrect credentials. | Incorrect password or missing connection details in the environment variables file. | Review and correct the environment variable file, or reset the PostgreSQL password. | - Service not available | Postgres not started | docker service start postgresql |
|- **Cache issue** | Redis is not responding. | Insufficient resources on the node hosting Redis. | Scale up the node or add additional resources to improve performance. | - Authentication failed | Incorrect credentials or database connection issue | Verify Authentik credentials and database connections |
--- ---
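Review bot: the fix `docker service start postgresql` is not a Docker Swarm command; a stopped or failed swarm service is restarted with `docker service update --force` on the Postgres service or by re-running `docker stack deploy`. The new table also drops the "Failure Mode" column, and its rows begin with `- Service not available`, so they render as bullets rather than under the `| Symptom | Cause | Fix |` header. "Verify Authentik credentials and database connections" should name what to check, for instance the `AUTHENTIK_POSTGRESQL__*` variables from the Environment Variables block and `docker service logs -f authentik`, which the page already uses.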
@ -108,15 +110,12 @@ cd services/swarm/stack/authentik
| Date | Commit | Summary | | Date | Commit | Summary |
|------|--------|---------| |------|--------|---------|
| 2026-04-29 | d16493e5 | Initial documentation for the authentik stack. | | 2026-04-29 | 855a24a8 | Initial documentation creation |
| 2026-04-29 | 29f9dc21 | Updated Docker Swarm configuration to support improved resource allocation. | | 2026-04-29 | d16493e5 | Updated environment variables for Authentik |
| 2026-04-29 | 0fd55831 | Added new environment variable to improve Redis performance. | | 2026-04-29 | 29f9dc21 | Fixed authentication issue with incorrect credentials |
| 2026-04-29 | d4fdcd33 | Implemented a new caching layer using Redis for the Authentik server. | | 2026-04-29 | 0fd55831 | Updated Docker Compose file for improved performance |
| 2026-01-20 | 061ab0c2 | Updated configuration files to reflect changes in the Authentik image. | | 2026-04-29 | d4fdcd33 | Improved security with added Redis configuration |
--- <Generated by Gremlin on 2026-04-29T20:13:03.059Z>
<Source: swarm/authentik.yaml>
## Notes <Review User Guide and Changelog sections>
* Generated by Gremlin on 2026-04-29T20:13:00.008Z
* Source: swarm/authentik.yaml
* Review User Guide and Changelog sections
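Review bot: the changelog now assigns different summaries to the same commit hashes as the previous version (`29f9dc21` was "Updated Docker Swarm configuration to support improved resource allocation" and is now "Fixed authentication issue with incorrect credentials"; `d16493e5` changed from "Initial documentation" to "Updated environment variables for Authentik"), adds `855a24a8`, and drops the 2026-01-20 entry `061ab0c2`, so at least one version is not derived from the real commit messages; generate these rows from `git log` rather than from a regenerated summary. The Notes section is replaced by `<Generated by Gremlin on 2026-04-29T20:13:03.059Z>`, `<Source: swarm/authentik.yaml>` and `<Review User Guide and Changelog sections>`; angle-bracketed lines like these may be parsed as raw HTML and hidden by the wiki renderer, and the `## Notes` heading is gone, so keep the bulleted Notes form so the provenance stays visible.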