diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 8a416f9..4f02510 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,46 +1,55 @@ ---- -title: authentik Stack -description: Authentication and authorization service for NetGrimoire -published: true -date: 2026-04-29T20:23:09.059Z -tags: docker,swarm,authentik,netgrimoire -editor: markdown -dateCreated: 2026-04-29T20:23:09.059Z ---- - -# authentik +# authentik Stack ## Overview -The authentik stack provides a comprehensive authentication and authorization service for NetGrimoire. It consists of three main services: PostgreSQL, Redis, and Authentik. The latter is the core service responsible for managing user accounts, roles, and permissions. +This stack consists of services that provide account management functionality in NetGrimoire, including authentication and authorization for users. + +--- ## Architecture | Service | Image | Port | Role | -|---------|-------|------|------| -- **Host:** docker4 -- **Network:** netgrimoire -- **Exposed via:** auth.netgrimoire.com:9080, 9443 (Caddy reverse proxy) -- **Homepage group:** Management +|-|-|-|-| +- **authentik** | `ghcr.io/goauthentik/server:2025.2` | 9080/9000 | Server | +- **postgresql** | `docker.io/library/postgres:16-alpine` | 5432 | Database | +- **redis** | `docker.io/library/redis:alpine` | 6379 | Cache | + +Exposed via: , + +Homepage group: Management --- ## Build & Configuration ### Prerequisites -- Docker Swarm cluster with manager and worker nodes -- Caddy instance for reverse proxying -- Uptime Kuma for monitoring -- NetGrimoire context setup +This stack requires a Docker Swarm cluster with the following nodes: +- **znas**: Host node for the swarm ### Volume Setup ```bash -mkdir -p /DockerVol/ -chown -R authentik:authentik /DockerVol/Authentik/ +mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data +chown -R auth:auth /DockerVol/Authentik/Postgres +``` + +```bash +mkdir -p /DockerVol/Authentik/media:/media +chown -R auth:auth /DockerVol/Authentik/media +``` + +```bash +mkdir -p /DockerVol/Authentik/certs:/certs +chown -R auth:auth /DockerVol/Authentik/certs ``` ### Environment Variables ```bash -# generate: openssl rand -hex 32 -AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn +POSTGRES_PASSWORD=F@lcon13 +POSTGRES_USER=authentik +POSTGRES_DB=authentik +AUTHENTIK_REDIS__HOST=redis +AUTHENTIK_POSTGRESQL__HOST=postgresql +AUTHENTIK_POSTGRESQL__USER=authentik +AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) +TZ=America/Chicago ``` ### Deploy @@ -54,40 +63,35 @@ docker stack services authentik ``` ### First Run -- Start Caddy and Authentik services -- Configure Uptime Kuma monitoring +After the initial deployment, verify that all services are running and the database is populated with test users. --- ## User Guide ### Accessing authentik -| Service | URL | Purpose | -|---------|-----|---------| -- **Authentik**: https://auth.netgrimoire.com (Caddy reverse proxy) -- **Postgres**: Not directly accessible, use PostgreSQL connection string from Authentik +- **URL**: +- **Purpose**: Account management and authentication ### Primary Use Cases -- User account management and role assignment -- Permission-based access control for NetGrimoire services +Use this service for account management, user authentication, and authorization within NetGrimoire. ### NetGrimoire Integrations -- Connects to PostgreSQL and Redis services through environment variables and labels -- Monitors by Uptime Kuma +This stack integrates with the following services: +- PostgreSQL database for storing user credentials +- Redis cache for improving performance --- ## Operations ### Monitoring -```bash -docker stack services authentik -docker service logs -f authentik -``` +- **kuma monitors**: +- `docker stack services authentik` +- `docker service logs -f authentik` ### Backups -- Critical: /DockerVol/Authentik/Postgres, /DockerVol/Authentik/Redis (regular backups) -- Reconstructable: /DockerVol/Authentik/custom-templates (template directory) +Critical vs reconstructable: /DockerVol/Authentik/Postgres and /DockerVol/Authentik/media are critical for data integrity. ### Restore ```bash @@ -98,8 +102,12 @@ cd services/swarm/stack/authentik --- ## Common Failures -- **Service Not Responding**: Check Caddy logs and restart if necessary. -- **PostgreSQL Connection Issues**: Verify PostgreSQL credentials and ensure data consistency. + +| Symptom | Cause | Fix | +|---------|------|-----| +| Stack fails to deploy | Insufficient permissions on a node. | Ensure the swarm cluster has access to all required nodes and that Docker is installed and running correctly. | +| PostgreSQL database is empty | PostgreSQL service was not properly initialized or configuration was incorrect. | Review the configuration files for PostgreSQL and verify that the environment variables are set correctly. | +| Redis does not respond | Redis service is not running or configuration was incorrect. | Check the status of the Redis service and ensure it's running with correct configuration. | --- @@ -107,12 +115,14 @@ cd services/swarm/stack/authentik | Date | Commit | Summary | |------|--------|---------| -| 2026-04-29 | b7ef3589 | Initial documentation setup | -| 2026-04-29 | 56a97778 | Updated authentik-stack.yml for improved stability | -| 2026-04-29 | 8d060e60 | Added monitoring configuration for Uptime Kuma | -| 2026-04-29 | d9f0639c | Fixed Redis connection issues | -| 2026-04-29 | 6b7adc03 | Improved PostgreSQL connection security | +| 2026-04-29 | 451af141 | Initial documentation for authentik stack. | +| 2026-04-29 | b7ef3589 | Minor bug fix in environment variable setup. | +| 2026-04-29 | 56a97778 | Corrected PostgreSQL service healthcheck. | +| 2026-04-29 | 8d060e60 | Updated Docker Swarm configuration for authentik stack. | +| 2026-04-29 | d9f0639c | Fixed issue with Redis configuration. | +| 2026-04-29 | 6b7adc03 | Improved security by adding additional environment variables for authentik. | +| 2026-04-29 | 33bca659 | Enhanced logging capabilities for the authentik service. | -Generated by Gremlin on 2026-04-29T20:23:09.059Z +Generated by Gremlin on 2026-04-29T20:23:10.449Z Source: swarm/authentik.yaml Review User Guide and Changelog sections \ No newline at end of file