From da73a776c62709e5b4a711207f75233d4204297e Mon Sep 17 00:00:00 2001 From: peskyadmin Date: Mon, 14 Apr 2025 16:45:21 -0500 Subject: [PATCH] WIP --- README.md | 74 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index d2ada6a..84b1cc5 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -# {{Service}} with Tailscale Integration +# Authentik with Tailscale Integration -![{{Service}} with Tailscale](https://jellyfin.org/images/logo.svg "{{Service}}") +![Authentik with Tailscale](https://goauthentik.io/img/icon_left_brand.svg "Authentik") -This project sets up a {{Service}} instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your {{Service}} instance using Tailscale. +This project sets up a Authentik instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your Authentik instance using Tailscale. ## Prerequisites 
@@ -12,33 +12,40 @@ This project sets up a {{Service}} instance with Tailscale VPN integration using ## Project Structure ``` -ts-{{service}}/ +ts-authentik/ ├── docker-compose.yml ├── tailscale/ -│ ├── tailscale-data/ # Persistent Tailscale state -│ └── config/ # Tailscale configuration files -└── {{service}}/ - └── config/ # {{service}} configuration files +│ ├── tailscale-data/ # Persistent Tailscale state +│ └── config/ # Tailscale configuration files +├── authentik/ +│ ├── media/ # Authentik Files +│ └── templates/ # Authentik Files +├── postgres/ +│ └── data/ # Postgres data +├── redis/ +│ └── data/ # Redis persistent state +└── authentik-worker/ + └── certs/ # Authetik Worker files ``` ## Setup Instructions 1. **Clone the Repository** ```bash - git clone https://gitea.damconsulting.llc/DAM/ts-{{service}} - cd ts-{{service}} + git clone https://gitea.damconsulting.llc/DAM/ts-authentik + cd ts-authentik ``` 2. Create Required Directories ```bash - mkdir -p tailscale/tailscale-data + mkdir -p tailscale/tailscale-data authentik/media authentik/templates postgres/data redis/data authentik-worker/certs ``` 3. Configure Tailscale - Replace `{{YOUR_TAILSCALE_AUTHKEY}}` in the docker-compose.yml with your actual Tailscale auth key - Optionally, update the file in `tailscale/config/serve.json` if you need specific Tailscale serve configurations - CAUTION: Changing `"${TS_CERT_DOMAIN}:443": false` to `true` will expose the service to the internet -4. Configure {{Service}} - - See {{service_docs}} for configuration options +4. Configure Authentik + - See [docs](https://docs.goauthentik.io/docs/) for configuration options 5. Start the Services ```bash 
@@ -48,30 +55,42 @@ ts-{{service}}/ 6. Wait for Certificate to propagate [~2m] 7. Login - - After starting the services your service should be available via tailnet at https://{{service}}.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://{{service}}.tail12345.ts.net/ + - After starting the services your service should be available via tailnet at https://authentik.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://authentik.tail12345.ts.net/ ## Services -### {{service}}-ts (Tailscale) +### authentik-ts (Tailscale) - Runs Tailscale VPN client - Image: tailscale/tailscale:latest -- Container name: {{service}}-ts -- Hostname: {{service}} +- Container name: authentik-ts +- Hostname: authentik - Requires NET_ADMIN and SYS_MODULE capabilities - Persists state in ./tailscale/tailscale-data - Uses configuration from ./tailscale/config -### {{service}} +### authentik -- Depends on {{service}}-ts service +- Depends on authentik-ts service + +### authentik-worker + +- Depends on authentik-ts service + +### authentik-redis + +- Depends on authentik-ts service + +### authentik-postgres + +- Depends on authentik-ts service ## Usage -- After starting the services your service should be available via tailnet at `https://{{service}}.{{YOUR_TAILNET_DOMAIN}}.ts.net` ie `https://{{service}}.tail12345.ts.net/` +- After starting the services your service should be available via tailnet at `https://authentik.{{YOUR_TAILNET_DOMAIN}}.ts.net` ie `https://authentik.tail12345.ts.net/` - To manually get the Tailscale IP/hostname of your container: ```bash - docker logs {{service}}-ts + docker logs authentik-ts ``` Look for the Tailscale IP address in the logs. @@ -80,7 +99,7 @@ ts-{{service}}/ - Uncomment and adjust the ports mapping if you need direct access (without Tailscale): ```yaml ports: - - 3000:3000 + - 9000:9000 ``` - Stopping the Services ```bash 
@@ -90,19 +109,18 @@ ts-{{service}}/ ## Troubleshooting - Check container logs: ```bash - docker logs {{service}}-ts - docker logs {{service}} + docker logs authentik-ts + docker logs authentik ``` - Ensure your Tailscale auth key is valid and not expired - Verify the configuration files have proper permissions - Make sure required directories exist before starting ## Notes -- The {{Service}} service uses the Tailscale service's network stack via `network_mode: service:{{service}}-ts` +- The Authentik service uses the Tailscale service's network stack via `network_mode: service:authentik-ts` - Direct port mapping is disabled by default as Tailscale handles the networking - Services restart automatically unless explicitly stopped - For more information: - Tailscale documentation: https://tailscale.com/kb/ - - {{Service}} documentation: {{service_docs}} - - {{Service}} repository: {{service_repo}} - - {{Service}} linuxserve.io: {{service_lcsr}} \ No newline at end of file + - Authentik documentation: https://docs.goauthentik.io/docs/ + - Authentik repository: https://github.com/goauthentik/authentik \ No newline at end of file
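Review bot: grammar in the rewritten description line of the first hunk, "sets up a Authentik instance" should read "sets up an Authentik instance". The same line keeps the templated claim that the setup "creates a secure, private network connection"; consider stating what that means concretely, i.e. that the service is reachable only over the tailnet unless the serve configuration is changed, which the Setup section's CAUTION already warns about.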
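Review bot: typo in the project-structure tree of the second hunk, `# Authetik Worker files` should be `# Authentik Worker files`, and the `media/` and `templates/` entries both carry the identical comment `# Authentik Files`, which tells the reader nothing about what each directory holds; give each its own description. The `mkdir -p` line now also creates `postgres/data` and `redis/data` as bind-mounted data directories; a sentence on expected ownership and permissions would help, since Troubleshooting later says "Verify the configuration files have proper permissions" without saying what proper means.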
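Review bot: the new `authentik-worker`, `authentik-redis` and `authentik-postgres` subsections in the third hunk each contain only "Depends on authentik-ts service", with none of the image, container name, hostname or persistence details that the `authentik-ts` subsection gives. At minimum, state for each whether it runs with `network_mode: service:authentik-ts` (the Notes section says the Authentik service does), because any container sharing that network namespace, Postgres and Redis included, is reachable on the tailnet on whatever port it listens on, and the reader needs that to judge the exposure of the database and cache. Minor: "ie" in the Login step and the Usage bullet should be "i.e.".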
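Review bot: the Troubleshooting block in the last hunk still lists only `docker logs authentik-ts` and `docker logs authentik`; now that the stack has worker, redis and postgres services, add their container names here (they are not documented anywhere else in the README), and extend the Notes bullet "The Authentik service uses the Tailscale service's network stack" to say whether the worker does as well. Style: the file still ends without a trailing newline (`\ No newline at end of file` on both sides of the hunk); add one.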