kenpat/kitestacks-homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
943 commits 2 branches 0 tags 739 MiB
Commit graph

4 commits

Author SHA1 Message Date
KiteStacks AutoSync
e409b461d8 security: redact all IPs, ports, and passwords from docs 
Replace all production IPs (public, LAN, Tailscale), host port bindings,
and hardcoded passwords/secrets across RUNBOOK.md, docs/, and projects/
with descriptive placeholders (<KSCLOUD1_PUBLIC_IP>, <port>,
<KSCLOUD1_SUDO_PASSWORD>, etc.) so no sensitive infrastructure details
are committed to the repository.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-11 16:05:53 -05:00
Kenpat7177
34ae9423ef docs: complete Authentik SSO setup for all kitestacks.com services (v1.3.898) 
- All OAuth2/OIDC providers created in Authentik; secrets filled for Kavita and OpenProject
- Proxy Providers created for Shaarli, Uptime Kuma, LiteLLM; assigned to Embedded Outpost
- OpenProject upgraded v13→v15 with data preserved; compose volume path fixed
- Cloudflare tunnel updates for proxy services still pending

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-08 20:32:51 -05:00
Kenpat7177
59b9209846 chore: retire BookStack — books hosted on Kavita 
BookStack is not being used. All books are managed in Kavita (kavita.kitestacks.com).
- Reverted bookstack/docker-compose.yml to pre-SSO state (no OIDC env vars, no kitestacks network)
- Removed bookstack/.env OIDC secret placeholder
- Updated docs/authentik-sso-setup.md: BookStack removed from SSO scope

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-08 14:53:57 -05:00
Kenpat7177
ea8b426f23 feat: configure Authentik SSO for all kitestacks.com services 
- Enable OIDC in Kavita appsettings.json (Authority, ClientId, Enabled)
- Add OIDC env vars to BookStack compose + APP_URL + kitestacks network
- Add OIDC env vars to OpenProject compose + kitestacks network declaration
- Add kitestacks network + error reporting setting to Authentik compose
- Create .env secret placeholders for BookStack and OpenProject
- Add comprehensive SSO setup guide: docs/authentik-sso-setup.md
- Version bump: v1.3.883 → v1.3.884

Services getting native OIDC: Grafana, OpenWebUI, Forgejo, BookStack, OpenProject, Kavita
Services getting proxy auth:  Shaarli, Uptime Kuma, LiteLLM
Excluded: Portainer, Prometheus, Node Exporter, OpenRouter

Manual steps pending: Authentik admin UI app creation, Forgejo OAuth source, Cloudflare tunnel updates.
See docs/authentik-sso-setup.md for the full checklist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-08 14:42:11 -05:00