RealStickman 2023-02-19 15:21:41 +01:00
parent 9d7060f531
commit e0651eea6c
3 changed files with 106 additions and 78 deletions


@ -9,8 +9,10 @@ visible: false
### Network and Pod ### Network and Pod
`# podman network create net_authentik` ```sh
`# podman pod create --name pod_authentik --network net_authentik -p ` podman network create net_authentik
podman pod create --name pod_authentik --network net_authentik -p
```
#### Port Mappings #### Port Mappings
@ -21,7 +23,7 @@ visible: false
### Database ### Database
```sh ```sh
# podman run --name authentik_db \ podman run --name authentik_db \
-e PGDATA=/var/lib/postgresql/data/pgdata \ -e PGDATA=/var/lib/postgresql/data/pgdata \
-e POSTGRES_USER=authentik \ -e POSTGRES_USER=authentik \
-e POSTGRES_PASSWORD=authentik \ -e POSTGRES_PASSWORD=authentik \
@ -34,7 +36,7 @@ visible: false
### Redis ### Redis
```sh ```sh
# podman run --name authentik_redis \ podman run --name authentik_redis \
-v /mnt/authentik_redis:/data \ -v /mnt/authentik_redis:/data \
--pod pod_authentik \ --pod pod_authentik \
-d docker.io/redis:7 \ -d docker.io/redis:7 \
@ -45,27 +47,27 @@ visible: false
https://goauthentik.io/docs/installation/docker-compose https://goauthentik.io/docs/installation/docker-compose
``` ```yaml
server: server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped restart: unless-stopped
command: server command: server
environment: environment:
AUTHENTIK_REDIS__HOST: redis AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true" # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
volumes: volumes:
- ./media:/media - ./media:/media
- ./custom-templates:/templates - ./custom-templates:/templates
- geoip:/geoip - geoip:/geoip
env_file: env_file:
- .env - .env
ports: ports:
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
``` ```
``` ```
@ -74,30 +76,30 @@ https://goauthentik.io/docs/installation/docker-compose
### Application Worker ### Application Worker
``` ```yaml
worker: worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped restart: unless-stopped
command: worker command: worker
environment: environment:
AUTHENTIK_REDIS__HOST: redis AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true" # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# This is optional, and can be removed. If you remove this, the following will happen # This is optional, and can be removed. If you remove this, the following will happen
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
# - The docker socket can't be accessed anymore # - The docker socket can't be accessed anymore
user: root user: root
volumes: volumes:
- ./media:/media - ./media:/media
- ./certs:/certs - ./certs:/certs
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./custom-templates:/templates - ./custom-templates:/templates
- geoip:/geoip - geoip:/geoip
env_file: env_file:
- .env - .env
``` ```
``` ```


@ -11,7 +11,9 @@ The VM template needs a few cloud-init tools installed before we can use it with
### Debian ### Debian
`# apt install cloud-init cloud-initramfs-growroot` ```sh
apt install cloud-init cloud-initramfs-growroot
```
### AlmaLinux ### AlmaLinux


@ -7,53 +7,71 @@ visible: true
## Installation ## Installation
`# apt install isc-dhcp-server` ```sh
apt install isc-dhcp-server
```
## Configuration ## Configuration
Edit `/etc/default/isc-dhcp-server` Edit `/etc/default/isc-dhcp-server`
`INTERFACESv4="(interface 1) (interface 2)"`
```
INTERFACESv4="{INTERFACE 1} {INTERFACE 2}"
```
Edit `/etc/dhcp/dhcpd.conf` to set a subnet Edit `/etc/dhcp/dhcpd.conf` to set a subnet
``` ```
subnet (netaddress) netmask (subnetmask) { subnet {NETADDRESS} netmask {SUBNETMASK} {
range (first dhcp) (last dhcp); range {FIRST DHCP} {LAST DHCP};
option subnet-mask (subnetmask); option subnet-mask {SUBNETMASK};
option routers (gateway); option routers {GATEWAY};
option domain-name "(name)"; option domain-name "{NAME}";
option domain-name-servers (dns server); option domain-name-servers {DNS SERVER};
} }
``` ```
Edit `/etc/network/interfaces` Edit `/etc/network/interfaces`
``` ```
auto (interface) auto {INTERFACE}
iface (interface) inet static iface {INTERFACE} inet static
address (address) address {ADDRESS}
network (netaddress) network {NETADDRESS}
netmask (netmask) netmask {NETMASK}
broadcast (broadcast) broadcast {BROADCAST}
``` ```
Enable the interface Enable the interface
`# ifup (interface)`
Restart DHCP Server ```sh
`# systemctl restart isc-dhcp-server.service` ifup {INTERFACE}
```
Restart DHCP Server
```sh
systemctl restart isc-dhcp-server.service
```
### Enable routing ### Enable routing
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf` ```sh
`# sysctl -p /etc/sysctl.d/80-forwarding.conf` echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf
sysctl -p /etc/sysctl.d/80-forwarding.conf
```
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE` ```sh
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT` iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE
iptables -A FORWARD -i (LAN interface) -j ACCEPT
```
Make iptables permanent Make iptables permanent
Select `Yes` during the installation to save current rules Select `Yes` during the installation to save current rules
`# apt install iptables-persistent`
```sh
apt install iptables-persistent
```
### Enable DHCP-managed fixed IP address ### Enable DHCP-managed fixed IP address
@ -97,8 +115,14 @@ zone 7.168.192.in-addr.arpa. {
## Client ## Client
DHCP Request DHCP Request
`# dhclient -v`
Release IP ```sh
`# dhclient -v -r` dhclient -v
```
Release IP
```sh
# dhclient -v -r
```