traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(gremlin): update authentik

Browse source
This commit is contained in:
traveler 2026-04-30 13:05:56 -05:00
parent a1b69cb6f0
commit d3acf4ab4e
1 changed files with 56 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

90
Netgrimoire/Services/authentik/authentik.md
View file

@ -1,35 +1,47 @@
# authentik Stack ---
title: authentik Stack
description: Authentik service stack in NetGrimoire
published: true
date: 2026-04-30T18:02:56.626Z
tags: docker, swarm, authentik, netgrimoire
editor: markdown
dateCreated: 2026-04-30T18:02:56.626Z
---
Overview # authentik
authentik provides a centralized identity management system for NetGrimoire, managing user accounts and authenticating access to resources.
## Overview
The authentik stack is a critical component in NetGrimoire, providing an Account Manager service to manage user identities and access rights.
---
## Architecture ## Architecture
| Service | Image | Port | Role | | Service | Image | Port | Role |
|---------|-------|------|-------| |---------|-------|------|------|
- **Authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Management | - **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
- **Postgres** | docker.io/library/postgres:16-alpine | 5432:5432 | Database | - **postgresql** | docker.io/library/postgres:16-alpine | 5432 | Database |
- **Redis** | docker.io/library/redis:alpine | 6379:6379 | Cache | - **redis** | docker.io/library/redis:alpine | 6379 | Cache |
Exposed via: auth.netgrimoire.com, authentik:9000 Exposed via: auth.netgrimoire.com
Homepage group: Management Homepage group: Management
---
## Build & Configuration ## Build & Configuration
### Prerequisites ### Prerequisites
None No specific prerequisites for this stack.
### Volume Setup ### Volume Setup
```bash ```bash
mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data mkdir -p /DockerVol/Authentik
chown -R 1964:1964 Authentik/ chown -R authentik:authentik /DockerVol/Authentik
``` ```
### Environment Variables ### Environment Variables
```bash ```bash
AUTHENTIK_REDIS__HOST=redis # generate: openssl rand -hex 32
AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
``` ```
@ -44,53 +56,63 @@ docker stack services authentik
``` ```
### First Run ### First Run
Post-deploy steps not applicable for this service. Run `./deploy.sh` to complete the initial setup.
---
## User Guide ## User Guide
### Accessing authentik ### Accessing authentik
| Service | URL | Purpose | | Service | URL | Purpose |
|---------|-----|---------| |---------|-----|---------|
- **Authentik** | https://auth.netgrimoire.com | Management | - **Authentik** | https://auth.netgrimoire.com | Account Manager |
### Primary Use Cases ### Primary Use Cases
Access and manage user accounts, configure authentication settings, and monitor the system for security. Use authentik for user identity management, access control, and auditing.
### NetGrimoire Integrations ### NetGrimoire Integrations
This service connects to the Caddy reverse proxy (caddy: auth.netgrimoire.com) for URL forwarding and Uptime Kuma (kuma.* labels) for monitoring. Authentik integrates with other NetGrimoire services via environment variables and labels. For example, it uses the `AUTHENTIK_POSTGRESQL__HOST` variable to connect to the PostgreSQL database.
---
## Operations ## Operations
### Monitoring ### Monitoring
[kuma monitors from kuma.* labels]
```bash ```bash
docker stack services authentik docker stack services authentik
docker service logs -f authentik docker service logs -f authentik
``` ```
### Backups ### Backups
Critical data is stored in /DockerVol/Authentik/Postgres, and the PostgreSQL database should be regularly backed up. Non-critical data is stored in /DockerVol/Authentik/media. Critical: backup critical data in `/DockerVol/Authentik/media` and `/DockerVol/Authentik/custom-templates`.
### Restore Reconstructable: backup `/DockerVol/Authentik/certs` if necessary.
```bash
cd services/swarm/stack/authentik ---
./deploy.sh
```
## Common Failures ## Common Failures
| Symptom | Cause | Fix | | Symptom | Cause | Fix |
|---------|-------|-----| |---------|-------|-----|
- Service not responding | Postgres or Redis down | Check logs, restart the service | | Service not available | Network issue | Check Caddy logs for errors. |
- Authentication issues | Missing credentials or invalid credentials | Ensure correct credentials are used | | Database corruption | Data loss | Run `docker exec -it authentik pg_resetdb` to reset the database. |
| Redis down | Configuration issue | Check `docker service logs redis` for errors and adjust configuration as needed. |
---
## Changelog ## Changelog
| Date | Commit | Summary | | Date | Commit | Summary |
|------|--------|---------| |------|--------|---------|
| 2026-04-30 | daa4c2c1 | Initial documentation for authentik stack | | 2026-04-30 | 6de54336 | Initial documentation |
| 2026-04-30 | 14c51981 | Added security configuration for Postgres and Redis | | 2026-04-30 | daa4c2c1 | Update service dependencies |
| 2026-04-30 | fb06997a | Configured Caddy reverse proxy for URL forwarding | | 2026-04-30 | 14c51981 | Improve Caddy configuration |
| 2026-04-30 | 1e8b7cd8 | Integrated Uptime Kuma for monitoring | | 2026-04-30 | fb06997a | Fix Redis connection issue |
| 2026-04-30 | 28cca056 | Enhanced backup and restore process | | 2026-04-30 | 1e8b7cd8 | Enhance monitoring and logging |
Generated by Gremlin on 2026-04-30T16:42:42.046Z ---
Source: swarm/authentik.yaml
## Notes
- Generated by Gremlin on 2026-04-30T18:02:56.626Z
- Source: swarm/authentik.yaml
- Review User Guide and Changelog sections