Redact all remaining IPv4 addresses, port numbers, and credential values
from RUNBOOK.md, AUTHENTIK.md, and authentik-sso-setup.md. Replace with
descriptive placeholders (<IP_REDACTED>, <port>, <REDACTED>, etc.).
Docker image version tags (postgres:16, forgejo:11, etc.) preserved.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace all production IPs (public, LAN, Tailscale), host port bindings,
and hardcoded passwords/secrets across RUNBOOK.md, docs/, and projects/
with descriptive placeholders (<KSCLOUD1_PUBLIC_IP>, <port>,
<KSCLOUD1_SUDO_PASSWORD>, etc.) so no sensitive infrastructure details
are committed to the repository.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- All OAuth2/OIDC providers created in Authentik; secrets filled for Kavita and OpenProject
- Proxy Providers created for Shaarli, Uptime Kuma, LiteLLM; assigned to Embedded Outpost
- OpenProject upgraded v13→v15 with data preserved; compose volume path fixed
- Cloudflare tunnel updates for proxy services still pending
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BookStack is not being used. All books are managed in Kavita (kavita.kitestacks.com).
- Reverted bookstack/docker-compose.yml to pre-SSO state (no OIDC env vars, no kitestacks network)
- Removed bookstack/.env OIDC secret placeholder
- Updated docs/authentik-sso-setup.md: BookStack removed from SSO scope
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
