docker-apps/authentik/authentik_jm.txt
2025-04-03 22:57:52 +02:00

# https://github.com/brokenscripts/authentik_traefik
Prerequisite:
Traefik must be installed as described in the traefik folder (..\traefik).

Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: authentik
Username: authentik
Disable Password: <select>
Email: <leave blank>
Create New Primary Group: <select>
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
PUID: 3014
PGID: 3013
Update the .env file accordingly (PUID, PGID).

Create datasets
---------------
# In TrueNAS shell:
# list datasets
zfs list | grep -i "docker.*authentik"
# create following datasets if not present
zfs create SSD1/docker/data/authentik
zfs create SSD1/docker/data/authentik/appdata
zfs create SSD1/docker/data/authentik/pgdata
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik
chown -R postgres:postgres /mnt/SSD1/docker/data/authentik/pgdata

Create folders
--------------
In TrueNAS shell:
mkdir -p /opt/stacks/authentik/secrets
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/redis/data
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/geoip/data
mkdir /mnt/SSD1/docker/data/authentik/appdata/media
mkdir /mnt/SSD1/docker/data/authentik/appdata/custom-templates
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik/appdata/

Copy folders to docker stacks
-----------------------------
In a Windows cmd shell, from the parent (apps) folder of authentik:
./cp2nas 10.0.0.20 authentik
# or
pscp -P 22 -r authentik/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/authentik/
pscp -P 22 -r authentik/traefik-rules/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/traefik/rules/

Create secrets
--------------
# In Docker shell:
# install pwgen:
sudo apt-get install -y pwgen
# -s: fully random output; quoted so the value is written exactly as generated
echo -n "$(pwgen -s 40 1)" > /opt/stacks/authentik/secrets/authentik_postgresql_password
echo -n "$(pwgen -s 50 1)" > /opt/stacks/authentik/secrets/authentik_secret_key
In TrueNAS shell:
cd /mnt/SSD1/docker/stacks/authentik/secrets
echo -n 'your_postgresql_database_name' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
echo -n 'your_postgresql_username' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
# openssl rand 36 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
# openssl rand 60 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_secret_key
echo -n 'your_smtp_username' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_username
echo -n 'your_smtp_password' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_password
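chown -R authentik:authentik /mnt/SSD1/docker/stacks/authentik/secrets/
# files: owner read-only; directory: r-x, because a directory without the search (x) bit cannot be entered by its owner
chmod 500 /mnt/SSD1/docker/stacks/authentik/secrets/
chmod 400 /mnt/SSD1/docker/stacks/authentik/secrets/*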
# read existing acl permissions, if any
getfacl /mnt/SSD1/docker/stacks/authentik/secrets
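# set acl permissions (the directory entry needs r-x: without search permission postgres cannot open the files inside it)
setfacl -m u:postgres:5 /mnt/SSD1/docker/stacks/authentik/secrets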
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R <foldername>
# to list secrets in secrets dir (this prints the secret values to the terminal)
cd /mnt/SSD1/docker/stacks/authentik/secrets
for i in *; do echo "$i = $(cat "$i")"; done | sort
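# Added example (not part of these notes or of the brokenscripts repository): a check of the secret files
# that reports problems without printing any values. The function name audit_secrets and the SECRETS_DIR
# variable are hypothetical; the file names, modes and 'your_...' placeholders are the ones used above.

```shell
#!/bin/sh
# audit_secrets DIR NAME... : prints one finding per problem, returns 1 if any.
# Secret values are never written to the terminal.
audit_secrets() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then echo "MISSING $name"; rc=1; continue; fi
        if [ ! -s "$f" ]; then echo "EMPTY $name"; rc=1; continue; fi
        # GNU stat. A 400 file is shown as 440 once a named-user ACL entry
        # (u:postgres:4) exists, because the group bits then display the ACL mask.
        mode=$(stat -c '%a' "$f")
        case $mode in
            400|440) ;;
            *) echo "MODE_$mode $name"; rc=1 ;;
        esac
        # A trailing newline would become part of the secret for consumers
        # that read the file verbatim (this is why the notes use echo -n).
        if [ "$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')" = "0a" ]; then
            echo "NEWLINE $name"; rc=1
        fi
        # 'your_...' values are the placeholders from the notes, not real secrets.
        if grep -q '^your_' "$f"; then
            echo "PLACEHOLDER $name"; rc=1
        fi
    done
    return $rc
}

# Runs only when SECRETS_DIR (assumed variable name) is set, e.g.
# SECRETS_DIR=/mnt/SSD1/docker/stacks/authentik/secrets sh audit_secrets.sh
if [ -n "${SECRETS_DIR:-}" ]; then
    audit_secrets "$SECRETS_DIR" \
        authentik_postgresql_database authentik_postgresql_username \
        authentik_postgresql_password authentik_secret_key \
        smtp_username smtp_password
fi
```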

Start authentik
---------------
# Refresh / start Dockge
# Update and start authentik

Setup
-----
# Follow the instructions at https://github.com/brokenscripts/authentik_traefik/blob/traefik3/README.md or authentik_setup_jm.txt to set up authentik