diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 74de6e4..aca8850 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,37 +1,27 @@ ---- -title: authentik Stack -description: Authentik Stack for NetGrimoire -published: true -date: 2026-04-30T15:29:06.449Z -tags: docker,swarm,authentik,netgrimoire -editor: markdown -dateCreated: 2026-04-30T15:29:06.449Z ---- +# authentik Stack -# authentik - -## Overview -The Authentik stack is a NetGrimoire service that provides identity and access management for users in our organization. It consists of a PostgreSQL database, Redis cache, and an Authentik server. +Overview +authentik provides a centralized identity management system for NetGrimoire, managing user accounts and authenticating access to resources. ## Architecture | Service | Image | Port | Role | -- **Authentik Server:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000 | Internal | Host, Monitor, Homepage | -- **PostgreSQL Database:** docker.io/library/postgres:16-alpine | 5432 | External | Storage | -- **Redis Cache:** docker.io/library/redis:alpine | 6379 | Internal | Caching | -| Exposed via: auth.netgrimoire.com -| Homepage group: Management +|---------|-------|------|-------| +- **Authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Management | +- **Postgres** | docker.io/library/postgres:16-alpine | 5432:5432 | Database | +- **Redis** | docker.io/library/redis:alpine | 6379:6379 | Cache | ---- +Exposed via: auth.netgrimoire.com, authentik:9000 + +Homepage group: Management ## Build & Configuration - ### Prerequisites -No specific prerequisites for this stack. +None ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik -chown -R 1964:1964 Authentik +mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data +chown -R 1964:1964 Authentik/ ``` ### Environment Variables @@ -39,7 +29,8 @@ chown -R 1964:1964 Authentik AUTHENTIK_REDIS__HOST=redis AUTHENTIK_POSTGRESQL__HOST=postgresql AUTHENTIK_POSTGRESQL__USER=authentik -AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) +AUTHENTIK_POSTGRESQL__NAME=authentik +AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn ``` ### Deploy @@ -53,34 +44,31 @@ docker stack services authentik ``` ### First Run -Run `./deploy.sh` after deployment to initialize the Authentik database. - ---- +Post-deploy steps not applicable for this service. ## User Guide ### Accessing authentik | Service | URL | Purpose | -- **Authentik Server:** https://auth.netgrimoire.com (only accessible via reverse proxy) +|---------|-----|---------| +- **Authentik** | https://auth.netgrimoire.com | Management | ### Primary Use Cases -Use Authentik for managing user identities and access controls within NetGrimoire. +Access and manage user accounts, configure authentication settings, and monitor the system for security. ### NetGrimoire Integrations -This stack integrates with PostgreSQL, Redis, Caddy, and Kuma. - ---- +This service connects to the Caddy reverse proxy (caddy: auth.netgrimoire.com) for URL forwarding and Uptime Kuma (kuma.* labels) for monitoring. ## Operations ### Monitoring -[kuma monitors from kuma.* labels] ```bash docker stack services authentik +docker service logs -f authentik ``` ### Backups -Critical: `/DockerVol/Authentik/Postgres` and `Authentik/redis` must be backed up regularly. Reconstructable: all configuration files are version-controlled. +Critical data is stored in /DockerVol/Authentik/Postgres, and the PostgreSQL database should be regularly backed up. Non-critical data is stored in /DockerVol/Authentik/media. ### Restore ```bash @@ -88,29 +76,21 @@ cd services/swarm/stack/authentik ./deploy.sh ``` ---- - ## Common Failures - | Symptom | Cause | Fix | |---------|-------|-----| -| authentik not accessible | PostgreSQL down | Check PostgreSQL status and restart service if necessary. | -| redis unavailable | Redis down | Restart redis service or check its logs for issues. | - ---- +- Service not responding | Postgres or Redis down | Check logs, restart the service | +- Authentication issues | Missing credentials or invalid credentials | Ensure correct credentials are used | ## Changelog + | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | 14c51981 | Initial documentation creation | -| 2026-04-30 | fb06997a | Add environment variables to the stack configuration | -| 2026-04-30 | 1e8b7cd8 | Improve volume setup for Authentik | -| 2026-04-30 | 28cca056 | Update deploy script with new cleanup commands | -| 2026-04-29 | 7bd1cc12 | Add initial README to the stack documentation | +| 2026-04-30 | daa4c2c1 | Initial documentation for authentik stack | +| 2026-04-30 | 14c51981 | Added security configuration for Postgres and Redis | +| 2026-04-30 | fb06997a | Configured Caddy reverse proxy for URL forwarding | +| 2026-04-30 | 1e8b7cd8 | Integrated Uptime Kuma for monitoring | +| 2026-04-30 | 28cca056 | Enhanced backup and restore process | ---- - -## Notes -- Generated by Gremlin on 2026-04-30T15:29:06.449Z -- Source: swarm/authentik.yaml -- Review User Guide and Changelog sections \ No newline at end of file +Generated by Gremlin on 2026-04-30T16:42:42.046Z +Source: swarm/authentik.yaml \ No newline at end of file