A comprehensive NethServer 8 module that integrates Authentik, the open-source Identity Provider, into your NethServer infrastructure. Authentik provides centralized authentication, authorization, and user management with support for OAuth2, SAML, LDAP, and many other protocols.
- Centralized Identity Management: Single sign-on (SSO) across all your applications
- Multi-Protocol Support: OAuth2, OpenID Connect, SAML, LDAP, SCIM, and more
- User-Friendly Interface: Modern Vue.js-based management interface
- Enterprise-Ready: Built for production environments with high availability
- Extensible: Support for custom flows, policies, and integrations
- Secure: Built-in security features including MFA, password policies, and audit logging
- NethServer 8 installed and running
- Administrative access to the NethServer cluster
- A domain name for the Authentik instance
-
Add the module to your NethServer cluster:
add-module ghcr.io/geniusdynamics/goauthentik:latest 1
The command will return output similar to:
{"module_id": "goauthentik1", "image_name": "goauthentik", "image_url": "ghcr.io/geniusdynamics/goauthentik:latest"} -
Configure the module:
api-cli run configure-module --agent module/goauthentik1 --data - <<EOF { "host": "auth.yourdomain.com", "http2https": true, "lets_encrypt": true } EOF
-
Complete the initial setup:
- Open your browser and navigate to
https://auth.yourdomain.com/if/flow/initial-setup/ - Follow the on-screen instructions to complete the Authentik setup
- Configure your first authentication flow and create administrative users
- Open your browser and navigate to
| Parameter | Type | Required | Description |
|---|---|---|---|
host |
string | Yes | Fully qualified domain name for the Authentik instance |
http2https |
boolean | Yes | Enable HTTP to HTTPS redirection |
lets_encrypt |
boolean | Yes | Enable Let's Encrypt SSL certificate |
api-cli run configure-module --agent module/goauthentik1 --data '{
"host": "auth.company.com",
"http2https": true,
"lets_encrypt": true
}'api-cli run get-configuration --agent module/goauthentik1To update to the latest version:
api-cli run update-module --data '{
"module_url": "ghcr.io/geniusdynamics/goauthentik:latest",
"instances": ["goauthentik1"],
"force": true
}'To remove the Authentik instance:
remove-module --no-preserve goauthentik1This module is built using modern containerized architecture:
- Frontend: Vue.js 2.x with Carbon Design System
- Backend: Authentik server with PostgreSQL and Redis
- Containerization: Podman with rootless containers
- Reverse Proxy: Traefik integration for SSL termination
- Service Management: Systemd user services
- Authentik Server: Main application container
- PostgreSQL: Database backend
- Redis: Caching and session storage
- Nginx: Web server for static assets
The module includes comprehensive test suites using Robot Framework:
./test-module.sh <NODE_ADDR> ghcr.io/geniusdynamics/goauthentik:latestTests cover:
- Module installation and configuration
- Service availability and functionality
- Integration with NethServer core services
- SSL certificate management
Check module environment variables:
runagent -m goauthentik1 envList running containers:
runagent -m goauthentik1 podman psAccess container shell:
runagent -m goauthentik1 podman exec -ti goauthentik-app shView service logs:
runagent -m goauthentik1 journalctl --user -u goauthentik.serviceThe UI supports multiple languages and is translated using Weblate:
- English (en)
- Spanish (es)
- Italian (it)
- German (de)
- Portuguese (pt, pt_BR)
- European Basque (eu)
- Add the GitHub Weblate app to your repository
- Add your repository to hosted.weblate.org or request addition to the ns8 Weblate project
βββ imageroot/ # Module configuration and scripts
β βββ actions/ # Module actions (configure, install, etc.)
β βββ systemd/ # Service definitions
β βββ events/ # Event handlers
βββ ui/ # Vue.js frontend application
β βββ src/ # Source code
β βββ public/ # Static assets
β βββ dist/ # Built assets
βββ tests/ # Robot Framework tests
βββ build-images.sh # Build script
βββ README.md # This file
-
Build the UI:
cd ui yarn install yarn build -
Build the container image:
./build-images.sh
-
Push to registry:
buildah push ghcr.io/geniusdynamics/goauthentik:latest
Set up a development environment:
# Clone the repository
git clone https://github.com/geniusdynamics/ns8-goauthentik.git
cd ns8-goauthentik
# Install UI dependencies
cd ui
yarn install
# Start development server
yarn serveWe welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow the existing code style and conventions
- Add tests for new functionality
- Update documentation as needed
- Ensure all tests pass before submitting PRs
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
- Kemboi Elvis - Lead Developer - [email protected]
- Martin Bhuong - Contributor - [email protected]
- Authentik Project for the excellent identity management platform
- NethServer Community for the robust server platform
- Genius Dynamics for sponsoring this module development
- Issues: GitHub Issues
- Documentation: Authentik Docs
- Community: NethServer Community Forum
Made with β€οΈ by the Genius Dynamics Team
