g5pw

joined 1 year ago
sorted by: new top controversial old
Modern alternatives to FreeIPA in c/linux@lemmy.ml
[–] g5pw@feddit.it 11 points 5 months ago (1 children)

The only alternative I know of that goes close to what FreeIPA does (minus the cert part) is kanidm. It does:

  • oauth2
  • ssh key distribution
  • RADIUS
  • PAM/SSSD
  • LDAP

I just noticed they have a beta for multimaster replication, which is nice.

I use it at home. Note, though, that it does not do any hand-holding, and all configuration is done through CLI. Also note, there are docs for the stable or dev branch and there sometimes are big differences between the two.

Simple authentication for homelab? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 1 points 6 months ago (1 children)

I mean, it is a bit rough, they’re not at 1.0 yet, also: are you looking at the stable or latest docs? That may be the reason the commands do not match with the docs.

Simple authentication for homelab? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 1 points 7 months ago (3 children)

I didn’t have any issues, do you see anything in the logs?

Simple authentication for homelab? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 1 points 7 months ago (5 children)

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

Simple authentication for homelab? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 1 points 7 months ago (7 children)

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

Simple authentication for homelab? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 15 points 7 months ago* (last edited 7 months ago) (11 children)

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

Migrating away from Gandi, 9 months later in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 2 points 7 months ago* (last edited 7 months ago)

I also moved away my domains and the ones of the hackerspace I manage, mainly to:

  • infomaniak (Switzerland): a bit too pushy with extra services, but not bad
  • openprovider (NL): more geared towards bulk users, have to prepay (min 20€), but okay so far
  • aruba: meh, but free mailboxes are nice

I also use Migadu, they have been great so far!

desec.io for DNS, also great and supported by Traefik for DNS-01 ACME challenge.

Conflicted about Auth servers shenanigans in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 6 points 9 months ago

I think you can create a group for friends and a group for family. If you want more separation I think Authentik handles multi-tenancy as well

What do you use to manage secrets in your network? in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 5 points 10 months ago (1 children)

I’m using sops with my GPG key currently.

What state, city is the Tlaxcala of your country? in c/asklemmy@lemmy.ml
[–] g5pw@feddit.it 10 points 11 months ago

Molise, Italy, which is a whole region that doesn’t exists!

Transferring my domain from Google in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 2 points 11 months ago

It’s a bit chaotic, and they try to force you to pay for other stuff in the process, but the prices were not that far off from other registrars. Note that I use DeSEC for the actual nameservers though.

Transferring my domain from Google in c/selfhosted@lemmy.world
[–] g5pw@feddit.it 2 points 11 months ago (2 children)

I’ve moved mine to Infomaniak (Switzerland), no complaints so far!

view more: next ›