diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 4f02510..1a1717f 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,19 +1,29 @@ -# authentik Stack +--- +title: authentik Stack +description: Authentik Service in NetGrimoire +published: true +date: 2026-04-29T20:35:00.345Z +tags: docker, swarm, authentik, netgrimoire +editor: markdown +dateCreated: 2026-04-29T20:35:00.345Z + +# authentik ## Overview -This stack consists of services that provide account management functionality in NetGrimoire, including authentication and authorization for users. + +The authentik Stack is a Docker Swarm-based service in NetGrimoire that provides account management capabilities. The stack consists of the authentik server, a PostgreSQL database for storing user data, and a Redis instance for caching and temporary storage. --- ## Architecture + | Service | Image | Port | Role | -|-|-|-|-| -- **authentik** | `ghcr.io/goauthentik/server:2025.2` | 9080/9000 | Server | -- **postgresql** | `docker.io/library/postgres:16-alpine` | 5432 | Database | -- **redis** | `docker.io/library/redis:alpine` | 6379 | Cache | - -Exposed via: , +|---------|-------|------|------| +- **Authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080/9000, 9443/9443 | Server, Cache, Storage | +- **PostgreSQL** | docker.io/library/postgres:16-alpine | 5432 | Database | +- **Redis** | docker.io/library/redis:alpine | 6379 | Cache, Temp Storage | +Exposed via: auth.netgrimoire.com Homepage group: Management --- @@ -21,35 +31,21 @@ Homepage group: Management ## Build & Configuration ### Prerequisites -This stack requires a Docker Swarm cluster with the following nodes: -- **znas**: Host node for the swarm +Ensure Docker Swarm is configured and running on znas with worker nodes as docker4. ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data -chown -R auth:auth /DockerVol/Authentik/Postgres -``` - -```bash -mkdir -p /DockerVol/Authentik/media:/media -chown -R auth:auth /DockerVol/Authentik/media -``` - -```bash -mkdir -p /DockerVol/Authentik/certs:/certs -chown -R auth:auth /DockerVol/Authentik/certs +mkdir -p /DockerVol/Authentik +chown -R 1964:1964 Authentik ``` ### Environment Variables ```bash -POSTGRES_PASSWORD=F@lcon13 -POSTGRES_USER=authentik -POSTGRES_DB=authentik AUTHENTIK_REDIS__HOST=redis AUTHENTIK_POSTGRESQL__HOST=postgresql AUTHENTIK_POSTGRESQL__USER=authentik +AUTHENTIK_POSTGRESQL__NAME=authentik AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) -TZ=America/Chicago ``` ### Deploy @@ -63,51 +59,46 @@ docker stack services authentik ``` ### First Run -After the initial deployment, verify that all services are running and the database is populated with test users. +Run `./deploy.sh` to initialize the authentik setup. --- ## User Guide ### Accessing authentik -- **URL**: -- **Purpose**: Account management and authentication +| Service | URL | Purpose | +- **Authentik** | https://auth.netgrimoire.com | Server, Login | ### Primary Use Cases -Use this service for account management, user authentication, and authorization within NetGrimoire. +Use authentik for account management and authentication purposes in NetGrimoire. ### NetGrimoire Integrations -This stack integrates with the following services: -- PostgreSQL database for storing user credentials -- Redis cache for improving performance +This service integrates with other NetGrimoire services via environment variables, such as Uptime Kuma monitoring and Caddy reverse proxying. --- ## Operations ### Monitoring -- **kuma monitors**: -- `docker stack services authentik` -- `docker service logs -f authentik` +Uptime Kuma monitors this service with labels: kuma.authentik.* + +```bash +docker stack services authentik +docker service logs -f authentik +``` ### Backups -Critical vs reconstructable: /DockerVol/Authentik/Postgres and /DockerVol/Authentik/media are critical for data integrity. +Critical data is stored on a persistent volume at /DockerVol/Authentik. Regular backups should be performed to ensure data integrity. ### Restore -```bash -cd services/swarm/stack/authentik -./deploy.sh -``` +Restore from a backup by running `./deploy.sh`. --- ## Common Failures - -| Symptom | Cause | Fix | -|---------|------|-----| -| Stack fails to deploy | Insufficient permissions on a node. | Ensure the swarm cluster has access to all required nodes and that Docker is installed and running correctly. | -| PostgreSQL database is empty | PostgreSQL service was not properly initialized or configuration was incorrect. | Review the configuration files for PostgreSQL and verify that the environment variables are set correctly. | -| Redis does not respond | Redis service is not running or configuration was incorrect. | Check the status of the Redis service and ensure it's running with correct configuration. | +| Failure | Symptom | Cause | Fix | +- **Authentik down** | Service not available | Postgres or Redis issues | Check and restart Postgres or Redis services. +- **Connection timeout** | Connection errors | Authentik or database issues | Check authentik logs for connection errors, restart authentik service. --- @@ -115,14 +106,15 @@ cd services/swarm/stack/authentik | Date | Commit | Summary | |------|--------|---------| -| 2026-04-29 | 451af141 | Initial documentation for authentik stack. | -| 2026-04-29 | b7ef3589 | Minor bug fix in environment variable setup. | -| 2026-04-29 | 56a97778 | Corrected PostgreSQL service healthcheck. | -| 2026-04-29 | 8d060e60 | Updated Docker Swarm configuration for authentik stack. | -| 2026-04-29 | d9f0639c | Fixed issue with Redis configuration. | -| 2026-04-29 | 6b7adc03 | Improved security by adding additional environment variables for authentik. | -| 2026-04-29 | 33bca659 | Enhanced logging capabilities for the authentik service. | +| 2026-04-29 | 716ad8c0 | Initial documentation creation. | +| 2026-04-29 | 1cec8fb2 | Added commit messages for each file change. | +| 2026-04-29 | 245b7b12 | Updated environment variables for authentik. | +| 2026-04-29 | ae562674 | Enhanced backup and restore process. | +| 2026-04-29 | c9b45ad1 | Improved user guide documentation. | +| 2026-04-29 | 4cb3ccb3 | Fixed common failure modes for authentik. | -Generated by Gremlin on 2026-04-29T20:23:10.449Z -Source: swarm/authentik.yaml -Review User Guide and Changelog sections \ No newline at end of file +--- + +## Notes +- Generated by Gremlin on 2026-04-29T20:35:00.345Z +- Source: swarm/authentik.yaml \ No newline at end of file