34ae9423ef
- All OAuth2/OIDC providers created in Authentik; secrets filled for Kavita and OpenProject - Proxy Providers created for Shaarli, Uptime Kuma, LiteLLM; assigned to Embedded Outpost - OpenProject upgraded v13→v15 with data preserved; compose volume path fixed - Cloudflare tunnel updates for proxy services still pending Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
55 lines
2.1 KiB
Markdown
55 lines
2.1 KiB
Markdown
# KiteStacks Homelab Documentation v1.3.898
|
|
|
|
**Version:** 1.3.898
|
|
**Updated:** 2026-06-08
|
|
**Previous:** [v1.3.897 docs](KiteStacks-Homelab-Documentation-v1.3.897.md)
|
|
|
|
---
|
|
|
|
## Change Summary
|
|
|
|
- Completed Authentik SSO provider/application setup for all kitestacks.com services
|
|
- Filled OIDC client secrets for Kavita and OpenProject
|
|
- Upgraded OpenProject from v13 → v15 (data preserved via bind mount migration)
|
|
- Created Authentik Proxy Providers for Shaarli, Uptime Kuma, LiteLLM; assigned to Embedded Outpost
|
|
- Fixed OpenProject docker-compose.yml volume path to preserve existing data
|
|
- Updated `apps/authentik/AUTHENTIK.md` and `docs/authentik-sso-setup.md` to reflect current status
|
|
|
|
---
|
|
|
|
## SSO Status (as of 2026-06-08)
|
|
|
|
| Service | Method | Status |
|
|
|---------|--------|--------|
|
|
| Grafana | OAuth2 | ✅ Configured |
|
|
| Kite AI (OpenWebUI) | OIDC | ✅ Configured |
|
|
| Forgejo | OAuth2 | ✅ Configured |
|
|
| Kavita | OIDC | ✅ Configured, secret filled |
|
|
| OpenProject | OIDC | ✅ Configured, upgraded to v15 |
|
|
| Shaarli | Proxy | ⚠️ Provider ready, CF tunnel update pending |
|
|
| Uptime Kuma | Proxy | ⚠️ Provider ready, CF tunnel update pending |
|
|
| LiteLLM | Proxy | ⚠️ Provider ready, CF tunnel update pending |
|
|
|
|
---
|
|
|
|
## Pending
|
|
|
|
1. Update Cloudflare tunnel routes:
|
|
- `links.kitestacks.com` → `http://authentik:9000`
|
|
- `status.kitestacks.com` → `http://authentik:9000`
|
|
- `llm.kitestacks.com` → `http://authentik:9000` (new)
|
|
- `tasks.kitestacks.com` → `http://openproject:80`
|
|
2. Test SSO end-to-end for all services
|
|
3. Phase 2: add guest Authentik account with auto-provisioning across all apps
|
|
|
|
---
|
|
|
|
## Files Changed This Session
|
|
|
|
| File | Change |
|
|
|------|--------|
|
|
| `apps/kavita/config/appsettings.json` | Filled OIDC client secret |
|
|
| `apps/openproject/.env` | Filled OIDC client secret |
|
|
| `apps/openproject/docker-compose.yml` | Fixed volume path to preserve data; image already at v15 |
|
|
| `apps/authentik/AUTHENTIK.md` | Updated configured apps, pending steps, excluded services |
|
|
| `docs/authentik-sso-setup.md` | Updated SSO status table to reflect completed steps |
|