diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index aca8850..b470f78 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,35 +1,47 @@ -# authentik Stack +--- +title: authentik Stack +description: Authentik service stack in NetGrimoire +published: true +date: 2026-04-30T18:02:56.626Z +tags: docker, swarm, authentik, netgrimoire +editor: markdown +dateCreated: 2026-04-30T18:02:56.626Z +--- -Overview -authentik provides a centralized identity management system for NetGrimoire, managing user accounts and authenticating access to resources. +# authentik + +## Overview +The authentik stack is a critical component in NetGrimoire, providing an Account Manager service to manage user identities and access rights. + +--- ## Architecture | Service | Image | Port | Role | -|---------|-------|------|-------| -- **Authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Management | -- **Postgres** | docker.io/library/postgres:16-alpine | 5432:5432 | Database | -- **Redis** | docker.io/library/redis:alpine | 6379:6379 | Cache | +|---------|-------|------|------| +- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server | +- **postgresql** | docker.io/library/postgres:16-alpine | 5432 | Database | +- **redis** | docker.io/library/redis:alpine | 6379 | Cache | -Exposed via: auth.netgrimoire.com, authentik:9000 +Exposed via: auth.netgrimoire.com Homepage group: Management +--- + ## Build & Configuration + ### Prerequisites -None +No specific prerequisites for this stack. ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data -chown -R 1964:1964 Authentik/ +mkdir -p /DockerVol/Authentik +chown -R authentik:authentik /DockerVol/Authentik ``` ### Environment Variables ```bash -AUTHENTIK_REDIS__HOST=redis -AUTHENTIK_POSTGRESQL__HOST=postgresql -AUTHENTIK_POSTGRESQL__USER=authentik -AUTHENTIK_POSTGRESQL__NAME=authentik +# generate: openssl rand -hex 32 AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn ``` @@ -44,53 +56,63 @@ docker stack services authentik ``` ### First Run -Post-deploy steps not applicable for this service. +Run `./deploy.sh` to complete the initial setup. + +--- ## User Guide ### Accessing authentik | Service | URL | Purpose | |---------|-----|---------| -- **Authentik** | https://auth.netgrimoire.com | Management | +- **Authentik** | https://auth.netgrimoire.com | Account Manager | ### Primary Use Cases -Access and manage user accounts, configure authentication settings, and monitor the system for security. +Use authentik for user identity management, access control, and auditing. ### NetGrimoire Integrations -This service connects to the Caddy reverse proxy (caddy: auth.netgrimoire.com) for URL forwarding and Uptime Kuma (kuma.* labels) for monitoring. +Authentik integrates with other NetGrimoire services via environment variables and labels. For example, it uses the `AUTHENTIK_POSTGRESQL__HOST` variable to connect to the PostgreSQL database. + +--- ## Operations ### Monitoring +[kuma monitors from kuma.* labels] ```bash docker stack services authentik docker service logs -f authentik ``` ### Backups -Critical data is stored in /DockerVol/Authentik/Postgres, and the PostgreSQL database should be regularly backed up. Non-critical data is stored in /DockerVol/Authentik/media. +Critical: backup critical data in `/DockerVol/Authentik/media` and `/DockerVol/Authentik/custom-templates`. -### Restore -```bash -cd services/swarm/stack/authentik -./deploy.sh -``` +Reconstructable: backup `/DockerVol/Authentik/certs` if necessary. + +--- ## Common Failures | Symptom | Cause | Fix | |---------|-------|-----| -- Service not responding | Postgres or Redis down | Check logs, restart the service | -- Authentication issues | Missing credentials or invalid credentials | Ensure correct credentials are used | +| Service not available | Network issue | Check Caddy logs for errors. | +| Database corruption | Data loss | Run `docker exec -it authentik pg_resetdb` to reset the database. | +| Redis down | Configuration issue | Check `docker service logs redis` for errors and adjust configuration as needed. | + +--- ## Changelog | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | daa4c2c1 | Initial documentation for authentik stack | -| 2026-04-30 | 14c51981 | Added security configuration for Postgres and Redis | -| 2026-04-30 | fb06997a | Configured Caddy reverse proxy for URL forwarding | -| 2026-04-30 | 1e8b7cd8 | Integrated Uptime Kuma for monitoring | -| 2026-04-30 | 28cca056 | Enhanced backup and restore process | +| 2026-04-30 | 6de54336 | Initial documentation | +| 2026-04-30 | daa4c2c1 | Update service dependencies | +| 2026-04-30 | 14c51981 | Improve Caddy configuration | +| 2026-04-30 | fb06997a | Fix Redis connection issue | +| 2026-04-30 | 1e8b7cd8 | Enhance monitoring and logging | -Generated by Gremlin on 2026-04-30T16:42:42.046Z -Source: swarm/authentik.yaml \ No newline at end of file +--- + +## Notes +- Generated by Gremlin on 2026-04-30T18:02:56.626Z +- Source: swarm/authentik.yaml +- Review User Guide and Changelog sections \ No newline at end of file