This commit is contained in:
RealStickman 2023-02-19 15:21:41 +01:00
parent 9d7060f531
commit e0651eea6c
3 changed files with 106 additions and 78 deletions

View File

@ -9,8 +9,10 @@ visible: false
### Network and Pod
`# podman network create net_authentik`
`# podman pod create --name pod_authentik --network net_authentik -p `
```sh
podman network create net_authentik
podman pod create --name pod_authentik --network net_authentik -p
```
#### Port Mappings
@ -21,7 +23,7 @@ visible: false
### Database
```sh
# podman run --name authentik_db \
podman run --name authentik_db \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-e POSTGRES_USER=authentik \
-e POSTGRES_PASSWORD=authentik \
@ -34,7 +36,7 @@ visible: false
### Redis
```sh
# podman run --name authentik_redis \
podman run --name authentik_redis \
-v /mnt/authentik_redis:/data \
--pod pod_authentik \
-d docker.io/redis:7 \
@ -45,27 +47,27 @@ visible: false
https://goauthentik.io/docs/installation/docker-compose
```
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
volumes:
- ./media:/media
- ./custom-templates:/templates
- geoip:/geoip
env_file:
- .env
ports:
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
```yaml
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
volumes:
- ./media:/media
- ./custom-templates:/templates
- geoip:/geoip
env_file:
- .env
ports:
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
```
```
@ -74,30 +76,30 @@ https://goauthentik.io/docs/installation/docker-compose
### Application Worker
```
```yaml
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# This is optional, and can be removed. If you remove this, the following will happen
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
# - The docker socket can't be accessed anymore
user: root
volumes:
- ./media:/media
- ./certs:/certs
- /var/run/docker.sock:/var/run/docker.sock
- ./custom-templates:/templates
- geoip:/geoip
env_file:
- .env
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# This is optional, and can be removed. If you remove this, the following will happen
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
# - The docker socket can't be accessed anymore
user: root
volumes:
- ./media:/media
- ./certs:/certs
- /var/run/docker.sock:/var/run/docker.sock
- ./custom-templates:/templates
- geoip:/geoip
env_file:
- .env
```
```

View File

@ -11,7 +11,9 @@ The VM template needs a few cloud-init tools installed before we can use it with
### Debian
`# apt install cloud-init cloud-initramfs-growroot`
```sh
apt install cloud-init cloud-initramfs-growroot
```
### AlmaLinux

View File

@ -7,53 +7,71 @@ visible: true
## Installation
`# apt install isc-dhcp-server`
```sh
apt install isc-dhcp-server
```
## Configuration
Edit `/etc/default/isc-dhcp-server`
`INTERFACESv4="(interface 1) (interface 2)"`
Edit `/etc/default/isc-dhcp-server`
```
INTERFACESv4="{INTERFACE 1} {INTERFACE 2}"
```
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
```
subnet (netaddress) netmask (subnetmask) {
range (first dhcp) (last dhcp);
option subnet-mask (subnetmask);
option routers (gateway);
option domain-name "(name)";
option domain-name-servers (dns server);
subnet {NETADDRESS} netmask {SUBNETMASK} {
range {FIRST DHCP} {LAST DHCP};
option subnet-mask {SUBNETMASK};
option routers {GATEWAY};
option domain-name "{NAME}";
option domain-name-servers {DNS SERVER};
}
```
Edit `/etc/network/interfaces`
```
auto (interface)
iface (interface) inet static
address (address)
network (netaddress)
netmask (netmask)
broadcast (broadcast)
auto {INTERFACE}
iface {INTERFACE} inet static
address {ADDRESS}
network {NETADDRESS}
netmask {NETMASK}
broadcast {BROADCAST}
```
Enable the interface
`# ifup (interface)`
Enable the interface
Restart DHCP Server
`# systemctl restart isc-dhcp-server.service`
```sh
ifup {INTERFACE}
```
Restart DHCP Server
```sh
systemctl restart isc-dhcp-server.service
```
### Enable routing
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf`
`# sysctl -p /etc/sysctl.d/80-forwarding.conf`
```sh
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf
sysctl -p /etc/sysctl.d/80-forwarding.conf
```
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE`
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
```sh
iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE
iptables -A FORWARD -i (LAN interface) -j ACCEPT
```
Make iptables permanent
Select `Yes` during the installation to save current rules
`# apt install iptables-persistent`
Select `Yes` during the installation to save current rules
```sh
apt install iptables-persistent
```
### Enable DHCP-managed fixed IP address
@ -97,8 +115,14 @@ zone 7.168.192.in-addr.arpa. {
## Client
DHCP Request
`# dhclient -v`
DHCP Request
Release IP
`# dhclient -v -r`
```sh
dhclient -v
```
Release IP
```sh
# dhclient -v -r
```