# https://github.com/brokenscripts/authentik_traefik

Prerequisite: traefik needs to be installed as per traefik folder ..\traefik

Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: authentik
Username: authentik
Disable Password:
Create Home Directory:
Samba Authentication:
Save
PUID: 3014
PGID: 3013
Update .env file accordingly (PUID, PGID)

Create datasets
---------------
# In TrueNAS shell:
# list datasets
zfs list | grep -i "docker.*authentik"
# create the following datasets if not present
zfs create SSD1/docker/data/authentik
zfs create SSD1/docker/data/authentik/appdata
zfs create SSD1/docker/data/authentik/pgdata
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik
chown -R postgres:postgres /mnt/SSD1/docker/data/authentik/pgdata

Create folders
--------------
In TrueNAS shell:
mkdir -p /opt/stacks/authentik/secrets
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/redis/data
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/geoip/data
mkdir /mnt/SSD1/docker/data/authentik/appdata/media
mkdir /mnt/SSD1/docker/data/authentik/appdata/custom-templates
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik/appdata/

Copy folders to docker stacks
-----------------------------
In Windows cmd shell in authentik parent (apps) folder:
./cp2nas 10.0.0.20 authentik
# or
pscp -P 22 -r authentik/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/authentik/
pscp -P 22 -r authentik/traefik-rules/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/traefik/rules/

Create secrets
--------------
# In Docker shell:
# install pwgen:
sudo apt-get install -y pwgen
# NB! run 'umask 077' first; otherwise the new files are created with the default umask
# and may be readable by other users until the chmod further down is run
echo -n $(pwgen -s 40 1) > /opt/stacks/authentik/secrets/authentik_postgresql_password
echo -n $(pwgen -s 50 1) > /opt/stacks/authentik/secrets/authentik_secret_key
In TrueNAS shell:
cd /mnt/SSD1/docker/stacks/authentik/secrets
# NB! the literal values typed into the echo commands below are stored in the shell history
echo -n 'your_postgresql_database_name' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
echo -n 'your_postgresql_username' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
# openssl rand 36 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
# openssl rand 60 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_secret_key
echo -n 'your_smtp_username' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_username
echo -n 'your_smtp_password' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_password
chown -R authentik:authentik /mnt/SSD1/docker/stacks/authentik/secrets/
chmod -R 400 /mnt/SSD1/docker/stacks/authentik/secrets/
# NB! -R 400 also sets the secrets directory itself to 400, i.e. without the search (x) bit,
# so a non-root user (the owner included) cannot open the files inside it. If non-root access
# through this path is needed, the directory needs 500 and the files 400. Whether that is
# needed depends on how the containers mount these files - confirm against the compose file.
# read existing ACL permissions, if any
getfacl /mnt/SSD1/docker/stacks/authentik/secrets
# set ACL permissions
# NB! keep chmod before setfacl: a later chmod 400 resets the ACL mask to --- and the
# postgres entries below stop taking effect. Likewise, 4 (r--) on the directory grants
# listing only; postgres needs 5 (r-x) there to reach the files through this path.
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
# NB! if you want to remove all ACL entries from a folder recursively, use setfacl -b -R
# to list secrets in secrets dir
# NB! this prints every secret in clear text to the terminal and its scrollback
cd /mnt/SSD1/docker/stacks/authentik/secrets
for i in $(ls -1); do echo $i = `cat $i`; done | sort

Start authentik
---------------
# Refresh / start Dockge
# Update and start authentik

Setup
-----
# Follow the instructions at https://github.com/brokenscripts/authentik_traefik/blob/traefik3/README.md or authentik_setup_jm.txt to set up authentik