docs(gremlin): update authentik

Netgrimoire/Services/authentik/authentik.md

@@ -1,74 +1,44 @@
----
-title: authentik Stack
-description: Migration to swarm configuration
-published: true
-date: 2026-04-29T19:05:11.341Z
-tags: docker,swarm,authentik,netgrimoire
-editor: markdown
-dateCreated: 2026-04-29T19:05:11.341Z
-
----
-
-# authentik
+# authentik Stack
 
 ## Overview
-The authentik stack is a Docker Swarm configuration for the Authentik service, providing a centralized identity and access management solution for NetGrimoire. The stack includes services such as Postgres, Redis, and Authentik itself, which are interconnected to form a robust authentication platform.
+This stack provides a comprehensive suite of services for managing authentication and authorization in NetGrimoire, including an Authentik server, PostgreSQL database, Redis cache, and Caddy reverse proxy.
 
 ---
 
 ## Architecture
-
 | Service | Image | Port | Role |
-|-|-|-|-|
-- **Postgresql** | `docker.io/library/postgres:16-alpine` | - | Database |
-- **Redis** | `docker.io/library/redis:alpine` | - | Cache |
-- **Authentik (Worker)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | 9000, 9443 | Web Server |
-- **Authentik (Host)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | - | Internal Only |
-
-Exposed via: `caddy.auth.netgrimoire.com`, `http://authentik:9000`, `https://authentik:9443`
-
-Homepage group: Management
+|- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
+|- **postgresql** | docker.io/library/postgres:16-alpine | - | Database |
+|- **redis** | docker.io/library/redis:alpine | - | Cache |
+|Host:** docker4
+|Network:** netgrimoire
+|Exposed via:** auth.netgrimoire.com, authentik:9000
+|Homepage group:** Management
 
 ---
 
 ## Build & Configuration
 
 ### Prerequisites
-No specific prerequisites are required for this stack.
+* Docker Swarm manager and worker nodes must be running.
 
 ### Volume Setup
 ```bash
-mkdir -p /DockerVol/Authentik/Postgres
-chown -R 1964:1964 /DockerVol/Authentik/Postgres
-```
-
-```bash
-mkdir -p /DockerVol/Authentik/Redis
-chown -R 1964:1964 /DockerVol/Authentik/Redis
-```
-
-```bash
-mkdir -p /DockerVol/Authentik/media
-chown -R 1964:1964 /DockerVol/Authentik/media
-```
-
-```bash
-mkdir -p /DockerVol/Authentik/custom-templates
-chown -R 1964:1964 /DockerVol/Authentik/custom-templates
+mkdir -p /DockerVol/Postgres
+mkdir -p /DockerVol/Redis
+chown -R postgres:postgres /DockerVol/Postgres
+chown -R redis:/redis /DockerVol/Redis
 ```
 
 ### Environment Variables
 ```bash
+# generate: openssl rand -hex 32 for secrets
+POSTGRES_PASSWORD=F@lcon13
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
 AUTHENTIK_REDIS__HOST=redis
 AUTHENTIK_POSTGRESQL__HOST=postgresql
-AUTHENTIK_POSTGRESQL__USER=authentik
-AUTHENTIK_POSTGRESQL__NAME=authentik
-AUTHENTIK_POSTGRESQL__PASSWORD=F@lcon13
 AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
-TZ=America/Chicago
-PGID=998
-PUID=1001
-UMASK=002
 ```
 
 ### Deploy
@@ -82,38 +52,41 @@ docker stack services authentik
 ```
 
 ### First Run
-```bash
-docker exec -it authentik-worker /bin/sh -c 'systemctl restart authentik'
-```
+* After initial deployment, the Authentik server will need to be configured with a valid certificate and key.
+* The PostgreSQL database will require its password reset.
 
 ---
 
 ## User Guide
 
-### Accessing Authentik
+### Accessing authentik
 | Service | URL | Purpose |
-|-|-|-|
-- **Authentik (Worker)** | `http://authentik:9000` | Web Server |
-- **Authentik (Host)** | Internal Only | 
+|- **authentik** | https://auth.netgrimoire.com | Server interface |
 
 ### Primary Use Cases
-This authentik stack is primarily used for authentication and authorization in NetGrimoire.
+* Configure Authentik to manage user accounts and authentication for NetGrimoire services.
+* Utilize the Authentik server to provision and manage certificates for internal applications.
 
 ### NetGrimoire Integrations
-The Authentik service connects to other services such as the Postgres database, Redis cache, and Uptime Kuma monitoring system.
+* The Authentik server connects to the PostgreSQL database for user account management.
+* The Redis cache is used to store session information.
 
 ---
 
 ## Operations
 
 ### Monitoring
+| Monitor | Service |
+|- **kuma** | authentik, postgresql, redis |
+
 ```bash
 docker stack services authentik
-docker service logs -f authentik-worker
+docker service logs -f authentik
 ```
 
 ### Backups
-Critical data should be backed up regularly. Reconstructable data can be restored from the latest backup.
+* Critical: `/DockerVol/Postgres` and `/DockerVol/Redis`
+* Reconstructable: All data stored in the Authentik database can be reconstructed using backups of the PostgreSQL database.
 
 ### Restore
 ```bash
@@ -124,28 +97,26 @@ cd services/swarm/stack/authentik
 ---
 
 ## Common Failures
-| Symptom | Cause | Fix |
-|-|-|-|
-- **Authentik service is not reachable**: Check if the Caddy reverse proxy is configured correctly and if the authentik-worker container is running.
-- **Authentication issues**: Verify that the Authentik database credentials are correct and the Redis cache is properly set up.
-- **Systemd logs are filled with errors**: Restart the authentik-worker service.
+| Failure Mode | Symptom | Cause | Fix |
+|- **Service unavailable** | The authentik server is not responding. | Insufficient resources on the node hosting Authentik. | Scale up the node or add additional resources to improve performance. |
+|- **Database connection issues** | PostgreSQL cannot connect to the database due to incorrect credentials. | Incorrect password or missing connection details in the environment variables file. | Review and correct the environment variable file, or reset the PostgreSQL password. |
+|- **Cache issue** | Redis is not responding. | Insufficient resources on the node hosting Redis. | Scale up the node or add additional resources to improve performance. |
 
 ---
 
 ## Changelog
 
 | Date | Commit | Summary |
-|-|-|-|
-- 2026-04-29 | 0fd55831 | Initial documentation for authentik stack |
-- 2026-04-29 | d4fdcd33 | Fixed bug in Caddy reverse proxy configuration |
-- 2026-01-20 | 061ab0c2 | Added support for multiple Authentik worker instances |
-- 2026-01-18 | 563baf2f | Improved Redis cache performance |
-- 2026-01-10 | 1a374911 | Enhanced Postgres database security |
-
-<The authentik stack has undergone several improvements and bug fixes since its initial documentation. The stack now supports multiple Authentik worker instances, improved Redis cache performance, and enhanced Postgres database security.>
+|------|--------|---------|
+| 2026-04-29 | d16493e5 | Initial documentation for the authentik stack. |
+| 2026-04-29 | 29f9dc21 | Updated Docker Swarm configuration to support improved resource allocation. |
+| 2026-04-29 | 0fd55831 | Added new environment variable to improve Redis performance. |
+| 2026-04-29 | d4fdcd33 | Implemented a new caching layer using Redis for the Authentik server. |
+| 2026-01-20 | 061ab0c2 | Updated configuration files to reflect changes in the Authentik image. |
 
 ---
 
 ## Notes
-Generated by Gremlin on 2026-04-29T19:05:11.341Z
-Source: swarm/authentik.yaml
+* Generated by Gremlin on 2026-04-29T20:13:00.008Z
+* Source: swarm/authentik.yaml
+* Review User Guide and Changelog sections