authentik Stack

Overview

This stack provides authentication and authorization for NetGrimoire. It consists of an Authentik server, a PostgreSQL database, a Redis cache, and a Caddy reverse proxy.


Architecture

| Service | Image | Port | Role |
|---|---|---|---|
| authentik | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
| postgresql | docker.io/library/postgres:16-alpine | - | Database |
| redis | docker.io/library/redis:alpine | - | Cache |

  • Host: docker4
  • Network: netgrimoire
  • Exposed via: auth.netgrimoire.com, authentik:9000
  • Homepage group: Management


Build & Configuration

Prerequisites

  • Docker Swarm manager and worker nodes must be running.

Volume Setup

mkdir -p /DockerVol/Postgres
mkdir -p /DockerVol/Redis
chown -R postgres:postgres /DockerVol/Postgres
chown -R redis:redis /DockerVol/Redis

Environment Variables

# Generate each secret with: openssl rand -hex 32
# The values below are placeholders; real secrets belong only in the deployed .env file.
POSTGRES_PASSWORD=REPLACE_WITH_GENERATED_SECRET
POSTGRES_USER=authentik
POSTGRES_DB=authentik
AUTHENTIK_REDIS__HOST=redis
AUTHENTIK_POSTGRESQL__HOST=postgresql
AUTHENTIK_SECRET_KEY=REPLACE_WITH_GENERATED_SECRET

Deploy

cd services/swarm/stack/authentik
set -a && source .env && set +a
docker stack config --compose-file authentik-stack.yml > resolved.yml
docker stack deploy --compose-file resolved.yml authentik
rm resolved.yml
docker stack services authentik
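
A check that can run before `source .env` in the deploy steps above, so the stack is never deployed with a short, missing or world-readable secret. This is an added example, not part of the NetGrimoire repository; the function names, the 32-character minimum, the 10-distinct-character threshold and the owner-only file mode are assumptions.

```shell
# Pre-deploy check for the authentik stack's .env file (added example).
# Assumptions, not from the page: MIN_LEN, MIN_DISTINCT, owner-only file mode.

MIN_LEN=32          # openssl rand -hex 32 yields 64 characters, so 32 is a floor
MIN_DISTINCT=10     # rejects values such as "aaaaaaaa..." or a repeated word
SECRET_VARS="POSTGRES_PASSWORD AUTHENTIK_SECRET_KEY"

# Read a variable's value without sourcing the file, so nothing in it executes.
# Usage: env_value FILE NAME   (last assignment wins, as it would when sourced)
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per problem; return 0 only if the file passes every check.
check_env_file() {
  local file=$1 findings=0 var val perms distinct
  [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }

  # Characters 5-10 of the `ls -l` mode string are the group and other bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "FAIL: $file is accessible to group/other (run: chmod 600 $file)"
    findings=$((findings + 1))
  fi

  for var in $SECRET_VARS; do
    val=$(env_value "$file" "$var")
    distinct=$(printf '%s' "$val" | fold -w1 | sort -u | wc -l)
    if [ -z "$val" ]; then
      echo "FAIL: $var is missing or empty"
    elif [ "${#val}" -lt "$MIN_LEN" ]; then
      echo "FAIL: $var is ${#val} characters, want at least $MIN_LEN"
    elif [ "$distinct" -lt "$MIN_DISTINCT" ]; then
      echo "FAIL: $var has too few distinct characters to be random"
    else
      continue
    fi
    findings=$((findings + 1))
  done

  [ "$findings" -eq 0 ]
}
```

With the functions loaded, `check_env_file .env && set -a && source .env && set +a` stops the deploy sequence at the first failing file. The findings name the variable but never print its value.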

First Run

  • After initial deployment, the Authentik server will need to be configured with a valid certificate and key.
  • The PostgreSQL database password will need to be reset.

User Guide

Accessing authentik

| Service | URL | Purpose |
|---|---|---|
| authentik | https://auth.netgrimoire.com | Server interface |

Primary Use Cases

  • Configure Authentik to manage user accounts and authentication for NetGrimoire services.
  • Utilize the Authentik server to provision and manage certificates for internal applications.

NetGrimoire Integrations

  • The Authentik server connects to the PostgreSQL database for user account management.
  • The Redis cache is used to store session information.

Operations

Monitoring

| Monitor | Service |
|---|---|
| kuma | authentik, postgresql, redis |

docker stack services authentik
docker service logs -f authentik

Backups

  • Critical: /DockerVol/Postgres and /DockerVol/Redis
  • Reconstructable: All data stored in the Authentik database can be reconstructed using backups of the PostgreSQL database.

Restore

cd services/swarm/stack/authentik
./deploy.sh

Common Failures

| Failure Mode | Symptom | Cause | Fix |
|---|---|---|---|
| Service unavailable | The authentik server is not responding. | Insufficient resources on the node hosting Authentik. | Scale up the node or add additional resources to improve performance. |
| Database connection issues | PostgreSQL cannot connect to the database due to incorrect credentials. | Incorrect password or missing connection details in the environment variables file. | Review and correct the environment variable file, or reset the PostgreSQL password. |
| Cache issue | Redis is not responding. | Insufficient resources on the node hosting Redis. | Scale up the node or add additional resources to improve performance. |


Changelog

| Date | Commit | Summary |
|---|---|---|
| 2026-04-29 | d16493e5 | Initial documentation for the authentik stack. |
| 2026-04-29 | 29f9dc21 | Updated Docker Swarm configuration to support improved resource allocation. |
| 2026-04-29 | 0fd55831 | Added new environment variable to improve Redis performance. |
| 2026-04-29 | d4fdcd33 | Implemented a new caching layer using Redis for the Authentik server. |
| 2026-01-20 | 061ab0c2 | Updated configuration files to reflect changes in the Authentik image. |

Notes

  • Generated by Gremlin on 2026-04-29T20:13:00.008Z
  • Source: swarm/authentik.yaml
  • Review User Guide and Changelog sections