NODEDC_PLATFORM/infra/authentik/README.md

Authentik Local Bootstrap

This directory stores local Authentik bootstrap assets for NODE.DC.

Current scope

The first infra pass runs Authentik from the official Docker Compose shape for the 2026.2 release line:

• PostgreSQL 16;
• authentik server;
• authentik worker;
• no Redis service in the current official compose template;
• Caddy reverse proxy in front of Authentik and current local apps.

Bootstrap variables

For a first local install, put these variables in infra/.env:

AUTHENTIK_BOOTSTRAP_EMAIL=admin@nodedc.local
AUTHENTIK_BOOTSTRAP_PASSWORD=<local generated password>
AUTHENTIK_BOOTSTRAP_TOKEN=<local generated token>

These are read only on first startup. Do not commit infra/.env.

Future blueprint work

Later phases should add reproducible configuration for:

• NODE.DC Launcher Application/Provider;
• NODE.DC Task Manager Application/Provider;
• groups and policies;
• admin service token scope;
• exports or blueprints for repeatable setup.