From f43e25516ecf7116add45489a0162c4b85e2b9d6 Mon Sep 17 00:00:00 2001 From: traveler Date: Thu, 30 Apr 2026 10:30:55 -0500 Subject: [PATCH] docs(gremlin): update authentik --- Netgrimoire/Services/authentik/authentik.md | 79 ++++++++++----------- 1 file changed, 36 insertions(+), 43 deletions(-) diff --git a/Netgrimoire/Services/authentik/authentik.md b/Netgrimoire/Services/authentik/authentik.md index 6872ba7..74de6e4 100644 --- a/Netgrimoire/Services/authentik/authentik.md +++ b/Netgrimoire/Services/authentik/authentik.md @@ -1,28 +1,25 @@ --- title: authentik Stack -description: Docker-based Authentik server for NetGrimoire +description: Authentik Stack for NetGrimoire published: true -date: 2026-04-30T15:23:13.969Z -tags: docker, swarm, authentik, netgrimoire +date: 2026-04-30T15:29:06.449Z +tags: docker,swarm,authentik,netgrimoire editor: markdown -dateCreated: 2026-04-30T15:23:13.969Z - +dateCreated: 2026-04-30T15:29:06.449Z --- # authentik ## Overview -The authentik Stack provides a Docker-based Authentik server for NetGrimoire, managing user identities and authentication. - ---- +The Authentik stack is a NetGrimoire service that provides identity and access management for users in our organization. It consists of a PostgreSQL database, Redis cache, and an Authentik server. ## Architecture | Service | Image | Port | Role | -|---------|-------|------|------| -- **Host:** docker4 -- **Network:** netgrimoire -- **Exposed via:** auth.netgrimoire.com, authentik:9000 -- **Homepage group:** Management +- **Authentik Server:** ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000 | Internal | Host, Monitor, Homepage | +- **PostgreSQL Database:** docker.io/library/postgres:16-alpine | 5432 | External | Storage | +- **Redis Cache:** docker.io/library/redis:alpine | 6379 | Internal | Caching | +| Exposed via: auth.netgrimoire.com +| Homepage group: Management --- @@ -33,17 +30,15 @@ No specific prerequisites for this stack. ### Volume Setup ```bash -mkdir -p /DockerVol/Authentik/postgres -chown -R postgres:postgres /DockerVol/Authentik/postgres +mkdir -p /DockerVol/Authentik +chown -R 1964:1964 Authentik ``` ### Environment Variables ```bash -POSTGRES_PASSWORD=F@lcon13 -POSTGRES_USER=authentik -POSTGRES_DB=authentik -AUTHENTIK_REDIS_HOST=redis -AUTHENTIK_POSTGRESQL_HOST=postgresql +AUTHENTIK_REDIS__HOST=redis +AUTHENTIK_POSTGRESQL__HOST=postgresql +AUTHENTIK_POSTGRESQL__USER=authentik AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32) ``` @@ -58,7 +53,7 @@ docker stack services authentik ``` ### First Run -After deploying, access the Authentik dashboard at . Perform any necessary configuration or initial setup. +Run `./deploy.sh` after deployment to initialize the Authentik database. --- @@ -66,58 +61,56 @@ After deploying, access the Authentik dashboard at . ### Accessing authentik | Service | URL | Purpose | -|---------|-----|---------| -- **auth.netgrimoire.com** | https://auth.netgrimoire.com | Homepage and management interface | +- **Authentik Server:** https://auth.netgrimoire.com (only accessible via reverse proxy) ### Primary Use Cases -Use the Authentik server to manage user identities, authentication, and authorization in NetGrimoire. +Use Authentik for managing user identities and access controls within NetGrimoire. ### NetGrimoire Integrations -This service connects to other services in NetGrimoire via environment variables and labels, including Redis and PostgreSQL databases. +This stack integrates with PostgreSQL, Redis, Caddy, and Kuma. --- ## Operations ### Monitoring -Use kuma monitors from kuma.* labels to monitor the Authentik server. +[kuma monitors from kuma.* labels] ```bash docker stack services authentik -docker service logs -f authentik ``` ### Backups -Critical data is stored in /DockerVol/Authentik/postgres. Regular backups are recommended. +Critical: `/DockerVol/Authentik/Postgres` and `Authentik/redis` must be backed up regularly. Reconstructable: all configuration files are version-controlled. ### Restore -Restore from a backup by re-deploying the Authentik Stack using ./deploy.sh. +```bash +cd services/swarm/stack/authentik +./deploy.sh +``` --- ## Common Failures + | Symptom | Cause | Fix | |---------|-------|-----| -- Authentication failures | PostgreSQL connection issues | Check Postgres database and credentials. | -- Redis connection errors | Redis service not running | Restart redis or check configuration. | -- Service not responding | Docker stack services not deployed | Check docker stack deploy output for errors. | +| authentik not accessible | PostgreSQL down | Check PostgreSQL status and restart service if necessary. | +| redis unavailable | Redis down | Restart redis service or check its logs for issues. | --- ## Changelog - | Date | Commit | Summary | |------|--------|---------| -| 2026-04-30 | 28cca056 | Initial documentation and release. | -| 2026-04-29 | 7bd1cc12 | Initial commit. | -| 2026-04-29 | 587b3d0c | Minor updates to service configuration. | -| 2026-04-29 | 1aced84d | Fix for Redis connection issue. | -| 2026-04-29 | 6bfd079d | Improved PostgreSQL database configuration. | - - +| 2026-04-30 | 14c51981 | Initial documentation creation | +| 2026-04-30 | fb06997a | Add environment variables to the stack configuration | +| 2026-04-30 | 1e8b7cd8 | Improve volume setup for Authentik | +| 2026-04-30 | 28cca056 | Update deploy script with new cleanup commands | +| 2026-04-29 | 7bd1cc12 | Add initial README to the stack documentation | --- ## Notes -Generated by Gremlin on 2026-04-30T15:23:13.969Z -Source: swarm/authentik.yaml -Review User Guide and Changelog sections \ No newline at end of file +- Generated by Gremlin on 2026-04-30T15:29:06.449Z +- Source: swarm/authentik.yaml +- Review User Guide and Changelog sections \ No newline at end of file