Check out this insightful video, in which I show you how to set up a self-hosted AI platform in your HomeLab using:
- Ollama
- OpenWebUI
- Traefik
- Authentik
Watch Now & Subscribe https://youtu.be/RQFfK7xIL28?si=6hVHdWZL0VFTDsf8
Running #Authentik with `latest` tag was convenient for #homelab, but they're moving away from making it possible. What are the alternatives? Is there maybe something like "#dependabot but for #kubernetes images"? (I'm currently running on #podman on nixos, but I'm considering finally playing with #k8s, and regardless, this should be able to make it so I have proper image on nixos as well, I think)
Has anyone managed to implement a password expiration policy in an #authentik flow?
There's little to no documentation available and I can't figure it out for the life of me
Notes for January 27-February 2
This was a lively week both AI-wise and otherwise–if you’ll pardon the pun.(...)
#ai #authelia #authentik #cloudflare #coding #damselfly #guacamole #homelab #immich #kasmvnc #photoprism #tailscale #tidying #vscode #zed
And down the rabbit hole I go… This time, I’ve started setting up #ArgoCD! Step one? Installing #Gitea in my #k3s cluster and, of course, integrating it with #Authentik because why not complicate my life further?
Every self-hosting journey feels like a new chapter in an endless saga. Can’t wait to see how deep this one goes.
Follow along with my adventures under #SelfHostingChronicles and join the chaos!
@teufelswerk A good addition on the topic of #SSO is also #authentik - https://goauthentik.io!
Definitely more pleasant to set up than Keycloak and, in my opinion, no less capable!
Do you want to run #Mastodon with (additional) #SSO as well? And keep your existing users while doing so?
I pieced something together from the documentation and various issues on GitHub. Here is a working configuration. I use it myself together with #authentik
https://crypt.storagemte.eu/code/#/2/code/view/BSTU+Rg5Wfxl-nRt0ATUrHr86IeqYwhD5kOyMmJfYFQ/
Please note that you must have the same e-mail address in Mastodon as in your identity provider!
Could it be that #authentik used to always respond with a 204 on /health/live/ and now responds with a 200?
I hear really good things about #authentik and from what I can tell from reviews and the documentation, it is very flexible and can do a lot.
But man, if it’s not confusing. #Authelia has worked so well for the last few years, but development has slowed and I haven’t had the time to dig into the code base.
We’ll see how far I get, but it hasn’t been a good start. I can’t set up my #ldap outpost because my #ldap application doesn’t show up as an available app. #SelfHosting #authentication
First outpost, first ForwardAuth with #authentik. \o/ #erstekleineSchritte
To the #Fedimin's or #Writefreely instance operators, how do you keep the #spam away?
I have to delete at least one spam user almost every day, even though I only process the registration via our SSO service #Authentik.
I had a vague failure message when trying to log in to #tailscale with my OIDC provider via #authentik
After some yak shaving, fixing my kubeconfig to get into my cluster and fixing the broken webfinger implementation to work correctly again, it turns out that the signing certificate used for the provider in Authentik had expired and needed replacing with a new RSA based cert.
Why is nothing ever a simple fix in #selfhosting land...
@yojimbo @aurynn Following quite a lot of experimentation and frustration, I've gone with #Authentik - see https://tech.oeru.org/installing-authentik-authentication-and-single-sign for how I'm doing it.
i'm gonna try kanidm instead of authentik. they don't have any kubernetes examples but i think i can figure it out
I'm looking for a good IDP for self-hosting in my homelab. It should be available as a NixOS service and be configurable via config files as much as possible. There's a dedicated flake for authentik, but is it also fully configurable via files? Any alternatives? #NixOS #SelfHost #Homelab #idp #authentik
Yes, one really should read the upgrade instructions now and then; with #authentik 2024.6.0 there is now also #PostgreSQL 16, and of course the DB should be brought along too
I discovered #Authentik for myself last night. I then immediately enabled #SingleSignOn for the first eight applications. How awesome is that?
I got #authentik up and running and it seems... complicated. Does anyone run #authelia? I mean, I don't need all the fancy LDAP trinkets and such, I just need webauthn that opens the floodgates to my oauth-capable backends.
What stops me is that authelia has a security assessment and authentik doesn't.
I'm self-hosting the design tool, @penpot, I use for personal projects. For login, I'm running my own #OpenID auth server with #Authentik.
Boy does this make me happy.
So I'm learning that #headscale is intentionally missing features from #tailscale. And it seems I am in need of a couple of those features. I wonder how hard it would be to migrate from selfhosted to commercial? The free plan is basically an unlimited demo, so that is fine. It even lists #authentik as an example of a supported IDP..
Guess what isn't actually supported? Well, start with "any IDP that doesn't run on the bare domain, matching the email address" because they use webfinger. (The tl;dr on that is that if your account is "cats@dogs.com", it downloads https://dogs.com/.well-known/webfinger. What if there is no site at dogs.com? That is just too bad.)
OK now pretend you happily reconfigured everything to align your email address with your bare domain.. Your next prize is discovering that Authentik does not, in fact, support webfinger. All you did is jack up your configurations and DNS for no reason.
So um well there is a lot wrong there and maybe I'll just get a normal account. Now I have to decide who gets access to my tailnet without my permission: Google, Microsoft, Microsoft, or Apple. This just keeps getting worse.
I have a headache.
#security #selfhost #selfhosting
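The WebFinger lookup described in the post above, as an added example that is not part of any post on this page: it follows RFC 7033 and OpenID Connect Discovery to show why the request always goes to the bare domain of the e-mail address, and how a client picks the issuer out of the answer. The sample response, the `auth.dogs.com` host and the `tailscale` application slug are constructed placeholders, and the strict subject check is a choice made for this sketch.

```python
import json
from urllib.parse import urlencode

# Link relation defined by OpenID Connect Discovery 1.0 for issuer lookup.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed sample response (JRD); host and application slug are placeholders.
SAMPLE_JRD = json.dumps({
    "subject": "acct:cats@dogs.com",
    "links": [{"rel": OIDC_ISSUER_REL,
               "href": "https://auth.dogs.com/application/o/tailscale/"}],
})


def webfinger_url(account):
    """Build the RFC 7033 lookup URL for an e-mail-style account.

    The host is always the part after the last '@', so an identity provider
    on a subdomain is only found if the bare domain serves this path.
    """
    local, sep, domain = account.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an account identifier: {account!r}")
    query = urlencode({"resource": f"acct:{account}", "rel": OIDC_ISSUER_REL})
    return f"https://{domain.lower()}/.well-known/webfinger?{query}"


def oidc_issuer(jrd_text, account):
    """Return the OIDC issuer advertised for `account` in a WebFinger JRD."""
    jrd = json.loads(jrd_text)
    # Assumption of this sketch: reject answers about a different subject.
    if jrd.get("subject") != f"acct:{account}":
        raise ValueError("JRD subject does not match the requested account")
    for link in jrd.get("links", []):
        if link.get("rel") == OIDC_ISSUER_REL:
            href = link.get("href", "")
            # An issuer over plain http would let the network swap the IdP.
            if not href.startswith("https://"):
                raise ValueError("issuer must be an https URL")
            return href
    raise LookupError("no OpenID Connect issuer link in JRD")


if __name__ == "__main__":
    print(webfinger_url("cats@dogs.com"))
    print(oidc_issuer(SAMPLE_JRD, "cats@dogs.com"))
```
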