There are reasons why I'm proud of my "home" setup:
1. It just works.
2. I know what I build, so I can fix it.
3. It's all a single login.
4. Maintenance is fully automated.
5. It federates in many ways and therefore doesn't limit me but enables me to share things.
What runs on my setup?
And for those who wonder how it works, well, it's all publicly available:
For the non-federated services (CodiMD and GitLab) you can actually sign up on Keycloak and get access to them.
It's easy, it's fast and the entire backend is encrypted. There are also automated daily backups to another cloud provider. And hosting static websites is available as well.
Take time, build things slowly but steadily and you'll get wonderful integrated services.
@sheogorath oh nice! I was looking at setting up keycloak last week. Currently I have a partial openLDAP backend. How'd you manage that?
@vbatts I don't use LDAP. I decided to not use it, due to a missing GUI for management.
I'm definitely capable of managing LDAP from the CLI, but to be honest, I simply don't want to.
Therefore I use the keycloak internal user database and it seems to serve me well. We are talking about 5 users authenticating once a day in a worst case scenario, so performance is not that much of an issue.
@sheogorath do you run it in a container, or just have the wildfly server running on the host? Are you using the OIDC as well?
@vbatts Except for the mail server, which is confined by SELinux, everything is running in unprivileged containers.
And I rarely use OIDC, I think only for CodiMD. For everything else, I use SAML. (Mastodon, for example, doesn't support OIDC, and Nextcloud has an official plugin for SAML but only an unofficial one for OIDC.)
@sheogorath What backends is Keycloak using?
I have Keycloak running, and authenticating against my FreeIPA servers, but to be honest I haven't really pointed anything to actually use Keycloak yet 😂
@mhamzahkhan I actually use the Keycloak internal user backend. I thought about using LDAP but 🤷 There is no really nice management interface for LDAP (besides FreeIPA, but I don't use that because k5 over the internet is tricky, it's hard to containerize, …) and at the end of the day, for 5 users authenticating once a day in the worst case, it's really not needed.
@m4rk see, exactly that is not what I want it to be. Yes, it can take up an evening to try something new, to change something etc. But it shouldn't take your free time when you decide that you need free time. That's why updates are automated pretty much completely. And everything is built on a well-aging distribution.
Dude/Dudette, this is a short note to say thank you. I never knew this exists, but now I want to try it. I want my notes somewhere other than my machine.
Thank you again, your setup notes have helped make a life better.