Just did the chores and kicked out #k3s, #longhorn, #keycloak and #tekton, hello #authentik and #hugo
Less complexity, more fun.

I have #Authentik now. Set it up for #Outline, #KitchenOwl, and even #SynologyDSM!
#homelab #selfhosted #selfhosting #selfhost

Hab meinem blog mal ein neues theme verpasst, eine Anleitung zu #tinyauth geschrieben und die #Immich und #pocketid Anleitung an die neusten Versionen angepasst.

tinyauth ist ziemlich cool, ein super lightweight #authelia oder #authentik alternative geschrieben in #golang

https://2tap2.be/posts/tinyauth/

Proxmox in Enterprises: I'm often asked, 'Can we use our Active Directory, LDAP, or OIDC with Proxmox?' Yes, you can!

Let's have quick dive into installing and configuring Authentik and configure Proxmox VE to use OIDC as an additional authentication realm.

#Proxmox #ProxmoxVE #opensource #Authentik #OpenID #OpenIDConnect #OIDC #EntraID #enterprise #homelab

https://gyptazy.com/proxmox-authentik-oidc-install-configure-and-connect-authentik-to-proxmox-ve/

omg, what started as "let's bring Authentik up to the latest version",
turned into "Authentik requires Postgres to be upgraded",
turned into "Postgres needs me to dump and reimport the data to upgrade"
turned into "sh*t, my dump failed and I already deleted the docker volume"
turned into "my data is gone, and now I'm setting up a fresh Authentik server" #authentik #Docker

Anyone have leads on getting into the IT space ? I have experience maintaining services like #nextcloud #Authentik #Vaultwarden and many more. I also maintain physical servers that have a pretty high uptime.

I do also have customer service experience so I can do helpdesk for end users.

If you have any leads on US remote opportunities or would like to take a look at my resume to see if there's any way to spice it up to look more approachable for these types of positions, please let me know and lets get me #fedihired !

So I was messing with #drupal in the #homelab and I wanted to turn on #SSO with #authentik.

Somehow I didn’t find the official drupal OIDC module, I found this other one. I installed it, got it configured, and the first time I tried to login, it said “whoops, you have to purchase this module to use it.” Fine. I like supporting software, what does it cost?

$250/year!? To LOG IN? F that.

One of its key selling points is how easy it is to configure. If I was configuring it often, maybe I could see that. But OIDC and SAML are the kinds of things you set up once per lifetime. Make it as hard as you want (many apps do!) I only have to get through it once.

I mean $10? Even as much as maybe $50 I might have paid once. But I refuse to pay annually for the ability to login.
#selfhosted

#ayuda fediverso #tailscale #selfhosting
#ayudaTec

estoy probando nuevo setup red interna, usando funnel (tailscale serve) para exponer en web (dentro de tailscale) aplicaciones en la raspberry. ejemplo:
tengo #komodo en 127.0.0.1:9120. pero quiero poner varios funnels a la vez, como por ejemplo cockpit en 9090. se puede con --set-path

https://tailscale.com/kb/1242/tailscale-serve#serve-command-flags

y funciona:
(vease primer pantallazo)

pero no me cargan las aplicaciones. por el puto path. vease segundo pantallazo

las aplicaciones buscan todos los archivos en el root / y no en /komodo /cockpit. o lo que sea. y como resultado, no carga nada. todo roto

probe poner un reverse proxy y hacerle rewrite a las urls. pero aparte de ya parecerme muy absurdo: no puedo. al intentar desplegar nginx proxy manager (pero me pasaria con cualquier otro) me dice, con razon: que el puerto 443 esta siendo utilizado ya y que me peine.

(siento la parrafada, pero por explicarme bien, si alguien me puede dar otra solucion) la intencion de todo eso es hacer segura una red interna en la raspberry que pueda acceder servicios por urls sin saberme de memoria todos los puertos, y que pueda usar un gestor de contraseña para cada servicio sin tener que hacer copiar pegar manualmente porque no entienden de puertos.

problema muy primer mundista, ya lo se. pero me divierte.

idealmente quisiera poner un IAM como #keycloak #authentik #authelia o alguno de esos, con 2FA. pero soy demasiado inutil para configurarlos. me viene muy grande ese mundo aun. pero seria el objetivo final.

@t3rr0rz0n3 @matiargs
@trankten @sam @z3r0

Anyone else out there running authentik in their home network? I’m starting to roll it out on my public-facing apps, but I’m nervous about adding another layer to the cake.

So... I switched from Keycloak to authentik. And this is how it went!

https://steffo.blog/i-switched-from-keycloak-to-authentik/

Sure, it's not the best blog post, but it's better than nothing, I guess.

Okay, authentik is up! Took a while, I was fighting against flux and the helm release because it deployed with the wrong StorageClass (I forgot to have that configuration ready before release.) Helm wasn't able to modify the PVC because they're immutable, updating the release has to wait for the initial release to succeed (which it won't) or timeout and flux is quiet on the reasons for all of this unless you know where to look lots of learning was had though!

Anyway, admin and personal user accounts created, MFA enabled. Got my first application integrated too! (actual budget)

What next? The world is my oyster... Probably gitea or semaphore. I'm hesitant to integrate services like jellyfin before I have more users onboarded and this gives me an opportunity to experiment with other edge cases like other providers and service accounts and such

Мой опыт настройки SSO OpenID Connect в 1С с помощью Authentik

При внедрении единой системы аутентификации в компании я столкнулся с задачей организовать SSO-доступ к 1С через протокол OpenID Connect. За основу я взял статью на InfoStart ( https://infostart.ru/1c/articles/1538390/ ), однако в качестве провайдера аутентификации использовал не Keycloak, как в оригинале, а Authentik — современную и удобную альтернативу с простым UI и богатым функционалом.

https://habr.com/ru/articles/895294/

Spent way too much time today setting up #authentik and moving over my self hosted stuff to SSO... Good stuff.

Check out this insightful video, in which I show you how to set up a self-hosted AI platform in your HomeLab using :

- Ollama
- OpenWebUI
- Traefik
- Authentik

Watch Now & Subscribe  https://youtu.be/RQFfK7xIL28?si=6hVHdWZL0VFTDsf8

I have now installed and tested Authentik for CoreUnit.NET. So far I am satisfied. Keycloak, dex and other IDP's made me dissatisfied in some steps. As a developer I just dont like the container image taging, please use semver so I can pin major/minor versions.

Running #Authentik with `latest` tag was convenient for #homelab, but they're moving away from making it possible (edit: from having :latest tag available, nothing else changes). What are the alternatives? Is there maybe something like "#dependabot but for #kubernetes images"? (I'm currently running on #podman on nixos, but I'm considering finally playing with #k8s, and regardless, this should be able to make it so I have proper image on nixos as well, I think)

Když už používáte ten #cloudflaretunnel pro přístup k docker aplikacím na vaší NAS, tak #Authentik je vlastně dobrá věcička. Aspoň nemusíte vyplňovat email a zadávat pin kód. Ale on se dá použít i pro login i do těch aplikací. A můžete ho hostit u sebe. #selfhosted https://goauthentik.io/

Has anyone managed to implement a password expiration policy in an #authentik flow?

There's little to no documentation available and I can't figure it out for the life of me

I'm looking at setting up a bunch of self hosted services to replace our (self, family, friends) dependence on corporate cloud stuff. Email (custom, since none of the Just Add Server offerings do everything I need for free), shared drive (likely nextcloud, ugh), docs (likely collabora), jitsi for video, discourse for group forums, and so on.

I'd like to make all of this SSO, to the extent that it reasonably can be.

I'm probably going to use FreeIPA as the identity source of truth, but I'm finding that there are enough new things I need to learn about centralized authentication that I'm having a hard time finding a starting point that doesn't require a bunch of other context. So I'm asking for help.

Does anyone know of a good guide to these sorts of concepts, preferably available online? I'm familiar with most of the other Linux sysadmin concepts and have plenty of hardware and bandwidth at my disposal.