From a21edb357f68bc21c5146ca76b1b06e6994518db Mon Sep 17 00:00:00 2001
From: RealStickman
Date: Sun, 26 Feb 2023 21:18:12 +0100
Subject: [PATCH] Update authentik page
---
pages/02.linux/authentik/default.en.md | 122 ++++++++++++++-----------
1 file changed, 67 insertions(+), 55 deletions(-)
diff --git a/pages/02.linux/authentik/default.en.md b/pages/02.linux/authentik/default.en.md
index 4fcdabe..dce5fb8 100644
--- a/pages/02.linux/authentik/default.en.md
+++ b/pages/02.linux/authentik/default.en.md
@@ -11,13 +11,14 @@ visible: false
 ```sh
 podman network create net_authentik
-podman pod create --name pod_authentik --network net_authentik -p
+podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443
 ```
 #### Port Mappings
 ```
-
+9000: Authentik HTTP
+9443: Authentik HTTPS
 ```
 ### Database
@@ -25,9 +26,9 @@ podman pod create --name pod_authentik --network net_authentik -p
 ```sh
 podman run --name authentik_db \
 -e PGDATA=/var/lib/postgresql/data/pgdata \
- -e POSTGRES_USER=authentik \
- -e POSTGRES_PASSWORD=authentik \
- -e POSTGRES_DB=authentik \
+ -e POSTGRES_USER={DB USER} \
+ -e POSTGRES_PASSWORD={DB PASS} \
+ -e POSTGRES_DB={DB NAME} \
 -v /mnt/authentik_db:/var/lib/postgresql/data \
 --pod pod_authentik \
 -d docker.io/postgres:14
@@ -47,61 +48,72 @@ podman run --name authentik_redis \
 https://goauthentik.io/docs/installation/docker-compose
-```yaml
-server:
- image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
- restart: unless-stopped
- command: server
- environment:
- AUTHENTIK_REDIS__HOST: redis
- AUTHENTIK_POSTGRESQL__HOST: postgresql
- AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
- AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
- AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
- # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
- volumes:
- - ./media:/media
- - ./custom-templates:/templates
- - geoip:/geoip
- env_file:
- - .env
- ports:
- - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
-```
-
-```
+Generate `PG_PASS` and `AUTHENTIK_SECRET_KEY` using `openssl rand -base64 40 / 50`
+```sh
+podman run --name authentik_server \
+ -e PG_PASS={RANDOM PASS} \
+ -e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
+ -e AUTHENTIK_REDIS__HOST=authentik_redis \
+ -e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
+ -e AUTHENTIK_POSTGRESQL__USER={DB USER} \
+ -e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
+ -e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
+ # SMTP Host Emails are sent to
+ -e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
+ -e AUTHENTIK_EMAIL__PORT=465 \
+ # Optionally authenticate (don't add quotation marks to your password)
+ -e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
+ -e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
+ # Use StartTLS
+ -e AUTHENTIK_EMAIL__USE_TLS=false \
+ # Use SSL
+ -e AUTHENTIK_EMAIL__USE_SSL=true \
+ -e AUTHENTIK_EMAIL__TIMEOUT=10 \
+ # Email address authentik will send from, should have a correct @domain
+ -e AUTHENTIK_EMAIL__FROM={EMAIL} \
+ -v /mnt/authentik/media:/media \
+ -v /mnt/authentik/templates:/templates \
+ -v /mnt/authentik/geoip:/geoip \
+ --pod pod_authentik \
+ -d ghcr.io/goauthentik/server:latest \
+ server
 ```
 ### Application Worker
-```yaml
-worker:
- image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
- restart: unless-stopped
- command: worker
- environment:
- AUTHENTIK_REDIS__HOST: redis
- AUTHENTIK_POSTGRESQL__HOST: postgresql
- AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
- AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
- AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
- # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
- # This is optional, and can be removed. If you remove this, the following will happen
- # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
- # - The docker socket can't be accessed anymore
- user: root
- volumes:
- - ./media:/media
- - ./certs:/certs
- - /var/run/docker.sock:/var/run/docker.sock
- - ./custom-templates:/templates
- - geoip:/geoip
- env_file:
- - .env
+```sh
+podman run --name authentik_worker \
+ -e PG_PASS={RANDOM PASS} \
+ -e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
+ -e AUTHENTIK_REDIS__HOST=authentik_redis \
+ -e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
+ -e AUTHENTIK_POSTGRESQL__USER={DB USER} \
+ -e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
+ -e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
+ # SMTP Host Emails are sent to
+ -e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
+ -e AUTHENTIK_EMAIL__PORT=465 \
+ # Optionally authenticate (don't add quotation marks to your password)
+ -e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
+ -e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
+ # Use StartTLS
+ -e AUTHENTIK_EMAIL__USE_TLS=false \
+ # Use SSL
+ -e AUTHENTIK_EMAIL__USE_SSL=true \
+ -e AUTHENTIK_EMAIL__TIMEOUT=10 \
+ # Email address authentik will send from, should have a correct @domain
+ -e AUTHENTIK_EMAIL__FROM={EMAIL} \
+ -v /mnt/authentik/media:/media \
+ -v /mnt/authentik/certs:/certs \
+ -v /mnt/authentik/templates:/templates \
+ -v /mnt/authentik/geoip:/geoip \
+ --pod pod_authentik \
+ -d ghcr.io/goauthentik/server:latest \
+ worker
 ```
-```
+## Setup
-```
+After starting all containers, visit the path `https://{SERVER IP}:{PORT}/if/flow/initial-setup/` in your browser.
+The default user is called `akadmin`