traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(gremlin): update authentik

Browse source
This commit is contained in:
traveler 2026-04-29 15:26:43 -05:00
parent 4056de3c76
commit c031a1b90b
1 changed files with 59 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

108
Netgrimoire/Services/authentik/authentik.md
View file

@ -1,46 +1,55 @@
--- # authentik Stack
title: authentik Stack
description: Authentication and authorization service for NetGrimoire
published: true
date: 2026-04-29T20:23:09.059Z
tags: docker,swarm,authentik,netgrimoire
editor: markdown
dateCreated: 2026-04-29T20:23:09.059Z
---
# authentik
## Overview ## Overview
The authentik stack provides a comprehensive authentication and authorization service for NetGrimoire. It consists of three main services: PostgreSQL, Redis, and Authentik. The latter is the core service responsible for managing user accounts, roles, and permissions. This stack consists of services that provide account management functionality in NetGrimoire, including authentication and authorization for users.
---
## Architecture ## Architecture
| Service | Image | Port | Role | | Service | Image | Port | Role |
|---------|-------|------|------| |-|-|-|-|
- **Host:** docker4 - **authentik** | `ghcr.io/goauthentik/server:2025.2` | 9080/9000 | Server |
- **Network:** netgrimoire - **postgresql** | `docker.io/library/postgres:16-alpine` | 5432 | Database |
- **Exposed via:** auth.netgrimoire.com:9080, 9443 (Caddy reverse proxy) - **redis** | `docker.io/library/redis:alpine` | 6379 | Cache |
- **Homepage group:** Management
Exposed via: <auth.netgrimoire.com>, <authentik:9000>
Homepage group: Management
--- ---
## Build & Configuration ## Build & Configuration
### Prerequisites ### Prerequisites
- Docker Swarm cluster with manager and worker nodes This stack requires a Docker Swarm cluster with the following nodes:
- Caddy instance for reverse proxying - **znas**: Host node for the swarm
- Uptime Kuma for monitoring
- NetGrimoire context setup
### Volume Setup ### Volume Setup
```bash ```bash
mkdir -p /DockerVol/ mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data
chown -R authentik:authentik /DockerVol/Authentik/ chown -R auth:auth /DockerVol/Authentik/Postgres
```
```bash
mkdir -p /DockerVol/Authentik/media:/media
chown -R auth:auth /DockerVol/Authentik/media
```
```bash
mkdir -p /DockerVol/Authentik/certs:/certs
chown -R auth:auth /DockerVol/Authentik/certs
``` ```
### Environment Variables ### Environment Variables
```bash ```bash
# generate: openssl rand -hex 32 POSTGRES_PASSWORD=F@lcon13
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn POSTGRES_USER=authentik
POSTGRES_DB=authentik
AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
TZ=America/Chicago
``` ```
### Deploy ### Deploy
@ -54,40 +63,35 @@ docker stack services authentik
``` ```
### First Run ### First Run
- Start Caddy and Authentik services After the initial deployment, verify that all services are running and the database is populated with test users.
- Configure Uptime Kuma monitoring
--- ---
## User Guide ## User Guide
### Accessing authentik ### Accessing authentik
| Service | URL | Purpose | - **URL**: <auth.netgrimoire.com>
|---------|-----|---------| - **Purpose**: Account management and authentication
- **Authentik**: https://auth.netgrimoire.com (Caddy reverse proxy)
- **Postgres**: Not directly accessible, use PostgreSQL connection string from Authentik
### Primary Use Cases ### Primary Use Cases
- User account management and role assignment Use this service for account management, user authentication, and authorization within NetGrimoire.
- Permission-based access control for NetGrimoire services
### NetGrimoire Integrations ### NetGrimoire Integrations
- Connects to PostgreSQL and Redis services through environment variables and labels This stack integrates with the following services:
- Monitors by Uptime Kuma - PostgreSQL database for storing user credentials
- Redis cache for improving performance
--- ---
## Operations ## Operations
### Monitoring ### Monitoring
```bash - **kuma monitors**: <authentik-monitor>
docker stack services authentik - `docker stack services authentik`
docker service logs -f authentik - `docker service logs -f authentik`
```
### Backups ### Backups
- Critical: /DockerVol/Authentik/Postgres, /DockerVol/Authentik/Redis (regular backups) Critical vs reconstructable: /DockerVol/Authentik/Postgres and /DockerVol/Authentik/media are critical for data integrity.
- Reconstructable: /DockerVol/Authentik/custom-templates (template directory)
### Restore ### Restore
```bash ```bash
@ -98,8 +102,12 @@ cd services/swarm/stack/authentik
--- ---
## Common Failures ## Common Failures
- **Service Not Responding**: Check Caddy logs and restart if necessary.
- **PostgreSQL Connection Issues**: Verify PostgreSQL credentials and ensure data consistency. | Symptom | Cause | Fix |
|---------|------|-----|
| Stack fails to deploy | Insufficient permissions on a node. | Ensure the swarm cluster has access to all required nodes and that Docker is installed and running correctly. |
| PostgreSQL database is empty | PostgreSQL service was not properly initialized or configuration was incorrect. | Review the configuration files for PostgreSQL and verify that the environment variables are set correctly. |
| Redis does not respond | Redis service is not running or configuration was incorrect. | Check the status of the Redis service and ensure it's running with correct configuration. |
--- ---
@ -107,12 +115,14 @@ cd services/swarm/stack/authentik
| Date | Commit | Summary | | Date | Commit | Summary |
|------|--------|---------| |------|--------|---------|
| 2026-04-29 | b7ef3589 | Initial documentation setup | | 2026-04-29 | 451af141 | Initial documentation for authentik stack. |
| 2026-04-29 | 56a97778 | Updated authentik-stack.yml for improved stability | | 2026-04-29 | b7ef3589 | Minor bug fix in environment variable setup. |
| 2026-04-29 | 8d060e60 | Added monitoring configuration for Uptime Kuma | | 2026-04-29 | 56a97778 | Corrected PostgreSQL service healthcheck. |
| 2026-04-29 | d9f0639c | Fixed Redis connection issues | | 2026-04-29 | 8d060e60 | Updated Docker Swarm configuration for authentik stack. |
| 2026-04-29 | 6b7adc03 | Improved PostgreSQL connection security | | 2026-04-29 | d9f0639c | Fixed issue with Redis configuration. |
| 2026-04-29 | 6b7adc03 | Improved security by adding additional environment variables for authentik. |
| 2026-04-29 | 33bca659 | Enhanced logging capabilities for the authentik service. |
Generated by Gremlin on 2026-04-29T20:23:09.059Z Generated by Gremlin on 2026-04-29T20:23:10.449Z
Source: swarm/authentik.yaml Source: swarm/authentik.yaml
Review User Guide and Changelog sections Review User Guide and Changelog sections