kenpat/kitestacks-homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
kitestacks-homelab/cloud-migration/claude-memory/project-sso.md
kenpat fb822d5142 Reorganize repos into kitestacks-homelab + plain-English doc rewrite 
- Rewrote RUNBOOK.md and DEBUG-DOCUMENTATION.md in simple 5th-grade language
  with real-world analogies for every technical concept
- Updated README.md with current service inventory and folder map
- Added cloud-migration/ subdirectory (from kitestacks-cloud-migration repo)
- Added autosync/ subdirectory (from kitestacks-homelab-autosync-test repo)
- Added osticket/ subdirectory (from OSTicketSystem repo)
- Added cloud/ placeholder for future cloud configs
- Excluded binary DB/postgres files from autosync subdirectory

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-18 18:37:58 -05:00

32 lines
1.8 KiB
Markdown
Raw Permalink Blame History

---
name: project-sso
description: "Authentik SSO setup status for kitestacks.com — what's done vs pending"
metadata:
node_type: memory
type: project
originSessionId: 301d23e2-6920-42b0-a27d-eba4e667b7f7
---
Authentik SSO configured 2026-06-08 to cover all kitestacks.com services.
Full reference: `docs/authentik-sso-setup.md` in the Forgejo repo.
**Config files updated (done):**
- `apps/authentik/docker-compose.yml` — kitestacks network declared
- `apps/kavita/config/appsettings.json` — OIDC enabled, Authority set
- BookStack retired — not used, all books on Kavita
- `apps/openproject/docker-compose.yml` — OIDC env vars + network
- `apps/openproject/.env` — OPENPROJECT_OIDC_SECRET placeholder
- Grafana and OpenWebUI already had OIDC env vars (just need Authentik apps created)
**Pending manual steps:**
1. Create Authentik OAuth2/OIDC providers + applications in admin UI for: Grafana, OpenWebUI, Kavita, OpenProject, Forgejo
2. Create Authentik Proxy Providers for: Shaarli, Uptime Kuma, LiteLLM; assign to Embedded Outpost
3. Configure Forgejo OAuth2 source via Forgejo admin UI (Site Admin → Auth Sources)
4. Fill client secrets in `.env` files and restart containers
5. Update Cloudflare tunnel routes: links.kitestacks.com → authentik:9000, status.kitestacks.com → authentik:9000, llm.kitestacks.com → authentik:9000
6. After OpenProject container recreation (v13→v15 upgrade), update tunnel: tasks.kitestacks.com → openproject:80
**Excluded from SSO:** Portainer, Prometheus, Node Exporter, OpenRouter, BookStack (retired)
**Why:** User requested Authentik SSO for all services; OpenRouter/Prometheus/node-exporter/Portainer excluded by user request.
**How to apply:** When user asks about SSO, check this memory for current status before suggesting next steps.
Reference in a new issue View git blame Copy permalink