- Enable OIDC in Kavita appsettings.json (Authority, ClientId, Enabled)
- Add OIDC env vars to BookStack compose + APP_URL + kitestacks network
- Add OIDC env vars to OpenProject compose + kitestacks network declaration
- Add kitestacks network + error reporting setting to Authentik compose
- Create .env secret placeholders for BookStack and OpenProject
- Add comprehensive SSO setup guide: docs/authentik-sso-setup.md
- Version bump: v1.3.883 → v1.3.884

Services getting native OIDC: Grafana, OpenWebUI, Forgejo, BookStack, OpenProject, Kavita
Services getting proxy auth: Shaarli, Uptime Kuma, LiteLLM
Excluded: Portainer, Prometheus, Node Exporter, OpenRouter

Manual steps pending: Authentik admin UI app creation, Forgejo OAuth source, Cloudflare tunnel updates. See docs/authentik-sso-setup.md for the full checklist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
KiteStacks Homelab Documentation v1.3.884
Version: 1.3.884 | Updated: 2026-06-08 14:38:00 | Previous: v1.3.883 docs
Change Summary
Feature: Authentik SSO configured for all kitestacks.com services
Config files updated:
- apps/authentik/docker-compose.yml — kitestacks network declared, error reporting disabled
- apps/kavita/config/appsettings.json — OIDC enabled, Authority set to auth.kitestacks.com
- apps/bookstack/docker-compose.yml — OIDC env vars added, APP_URL updated, kitestacks network added
- apps/bookstack/.env — BOOKSTACK_OIDC_SECRET placeholder created
- apps/openproject/docker-compose.yml — OIDC env vars added, kitestacks network declared
- apps/openproject/.env — OPENPROJECT_OIDC_SECRET placeholder created
Manual steps remaining (see docs/authentik-sso-setup.md):
- Create Authentik OAuth2/OIDC providers + applications for: Grafana, OpenWebUI, Kavita, BookStack, OpenProject
- Create Authentik Proxy Providers for: Shaarli, Uptime Kuma, LiteLLM
- Assign proxy providers to the Embedded Outpost
- Configure Forgejo OAuth2 source via Forgejo admin UI
- Update Cloudflare tunnel routes for proxy services
- Fill in client secrets in .env files and restart containers
Reference: Authentik SSO Setup Guide
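An added example, not part of the repository: a pre-restart check for the last manual step, confirming that BOOKSTACK_OIDC_SECRET and OPENPROJECT_OIDC_SECRET are filled in and that each .env file is readable only by its owner. The function names and the placeholder patterns are assumptions, since the page does not show the placeholder text.

```shell
#!/bin/sh
# Added example: pre-restart check for the OIDC client secrets in the .env files.
# The placeholder patterns below are assumptions; adjust them to the real placeholder.

# check_env_secret FILE VAR
# Returns 0 if VAR holds a filled-in value and FILE is private to its owner,
# 1 if FILE is missing, 2 if VAR is empty or a placeholder, 3 if FILE is too open.
check_env_secret() {
    file=$1 var=$2
    [ -f "$file" ] || { echo "MISSING  $file"; return 1; }

    # If VAR is assigned more than once, inspect the last assignment.
    # Quotes and carriage returns are dropped before the comparison.
    val=$(sed -n "s/^${var}=//p" "$file" | tail -n 1 | tr -d "\"'\r")
    case $val in
        ''|changeme*|CHANGEME*|*placeholder*|*PLACEHOLDER*|'<'*'>'|your-*|xxx*)
            echo "UNFILLED $file: $var"; return 2 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a file holding a client secret should have none of them set.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "PERMS    $file: run chmod 600"; return 3; }

    echo "OK       $file: $var"
}

# check_all ROOT
# Checks both .env files named in the change summary, relative to ROOT.
# The exit status is the number of files that failed (0 = ready to restart).
check_all() {
    root=$1 fails=0
    check_env_secret "$root/apps/bookstack/.env" BOOKSTACK_OIDC_SECRET \
        || fails=$((fails + 1))
    check_env_secret "$root/apps/openproject/.env" OPENPROJECT_OIDC_SECRET \
        || fails=$((fails + 1))
    return "$fails"
}
```

Source the file and run `check_all /path/to/repo` before restarting the containers; a non-zero status means at least one secret is still unfilled or its file is readable by other users.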
Cluster
| Component | Status |
|---|---|
| K3s | Active |
| FluxCD | Planned |
| Longhorn | Planned |
Applications
| App | Path | SSO |
|---|---|---|
| Homepage | apps/homepage/ | Public (no auth) |
| Authentik | apps/authentik/ | Identity Provider |
| Grafana | apps/grafana/ | OAuth2 → Authentik |
| Open WebUI | apps/kite-ai/ | OIDC → Authentik |
| Forgejo | apps/forgejo/ | OAuth2 → Authentik |
| BookStack | apps/bookstack/ | OIDC → Authentik |
| OpenProject | apps/openproject/ | OIDC → Authentik |
| Kavita | apps/kavita/ | OIDC → Authentik |
| Shaarli | apps/shaarli/ | Proxy → Authentik |
| Uptime Kuma | apps/uptime-kuma/ | Proxy → Authentik |
| LiteLLM | apps/kite-ai/ | Proxy → Authentik |
| Portainer | apps/portainer/ | SSO excluded |
| Prometheus | apps/prometheus/ | SSO excluded |
| Linkding | apps/linkding/ | TBD |
SSO Documentation
Authentik SSO Setup Guide — Full setup instructions, Authentik UI steps, Cloudflare tunnel changes, troubleshooting.