Files

Joakim b42ee2a22b Fix: Complete authentik Quadlet implementation with networking solution

Resolves authentik deployment issues by implementing proper Podman Quadlet
configuration and fixing networking for external access through Caddy.

Core Fixes:
• Add missing [Install] sections to container Quadlet files for systemd service generation
• Fix pod references from 'systemd-authentik' to 'authentik.pod' for proper Quadlet linking
• Remove problematic --userns=host to use proper rootless user namespaces
• Configure subuid/subgid ranges for authentik user (200000:65536)
• Update networking to bind 0.0.0.0:9000 only (remove unnecessary HTTPS port 9443)
• Add AUTHENTIK_LISTEN__HTTP=0.0.0.0:9000 environment configuration
• Fix Caddy reverse proxy to use HTTP backend instead of HTTPS

Infrastructure Updates:
• Enhance PostgreSQL role with Unix socket configuration and user management
• Improve Valkey role with proper systemd integration and socket permissions
• Add comprehensive service integration documentation
• Update deployment playbooks with backup and restore capabilities

Security Improvements:
• Secure network isolation with Caddy SSL termination
• Reduced attack surface by removing direct HTTPS container exposure
• Proper rootless container configuration with user namespace mapping

Result: authentik now fully operational with external HTTPS access via auth.jnss.me
All systemd services (authentik-pod, authentik-server, authentik-worker) running correctly.

2025-12-04 19:42:31 +01:00

1.1 KiB

Raw Blame History

Rick's Infra

Arch Linux VPS

Ansible

Infrastructure as code for setting up new instance.

Security
- SSH
- Firewall
- Fail2ban
- Kernel hardening
Base packages
Monitoring/Logging
Backup

Services

Services are managed by serviced

Caddy

Reverse proxy.

Containers

Containers are managed by rootless Podman.

Documentation

Service Integration

Service Integration Guide - How to add containerized services with PostgreSQL/Valkey access

Role Documentation

Authentik Role - Authentication service with Unix socket implementation
PostgreSQL Role - Database service with Unix socket support
Valkey Role - Cache service with Unix socket support
Caddy Role - Reverse proxy and SSL termination

Infrastructure Guides

Deployment Guide - Complete deployment walkthrough
Security Hardening - Security configuration and best practices

1.1 KiB Raw Blame History

Rick's Infra

Arch Linux VPS

Ansible

Services

Caddy

Containers

Documentation

Service Integration

Role Documentation

Infrastructure Guides

1.1 KiB

Raw Blame History