hermes-ice/homelab/concepts/sso-authentik.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00


| title | created | updated | type | tags | sources |
|---|---|---|---|---|---|
| SSO with Authentik | 2026-04-28 | 2026-04-28 | concept | concept, sso, services | ../../homelab/architecture.md, ../../platform-config/overview.md |

SSO with Authentik

Authentik is the SSO identity provider for the homelab, using OAuth2/OIDC. A Traefik middleware enforces authentication on internal services.

Architecture

User → Service (protected by authentik-auth middleware)
              ↓
       Traefik middleware
              ↓
       Authentik Server (ubuntu)
       auth.tophermayor.com
              ↓
       OAuth2/OIDC flow
              ↓
       Redirect with token

Services Using SSO

| Service | URL | SSO Method |
|---|---|---|
| Authentik | auth.tophermayor.com | Direct |
| Jellyfin | jellyfin.tophermayor.com | Authentik OAuth2 |
| Immich | immich.tophermayor.com | Authentik OAuth2 |
| Traefik Dashboard | traefik.local.tophermayor.com | local-only middleware |

Authentik Components

| Component | Description |
|---|---|
| Authentik Server | Main SSO application (ubuntu) |
| Authentik Worker | Background task processing |
| Authentik Redis | Session caching |

Database

Authentik uses the postgres-shared PostgreSQL instance on ubuntu (authentik database).

Traefik Middleware

authentik-auth@file

Applied to services that need SSO. Users are redirected to Authentik login, then back with a valid session cookie.
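
An added example, not part of this wiki or its repository: a Python check over Traefik's router list (the JSON returned by `GET /api/http/routers`) that reports routers carrying neither `authentik-auth@file` nor a local-only middleware. The name `local-only@file`, the exemption list derived from the services table, and the sample routers are assumptions constructed for illustration.

```python
import json
import re

# "authentik-auth@file" is from this page; "local-only@file" is an assumed name.
GATES = {"authentik-auth@file", "local-only@file"}
IDP_HOST = "auth.tophermayor.com"
# Hosts the table lists as "Direct" or as doing their own Authentik OAuth2 login.
EXEMPT_HOSTS = {IDP_HOST, "jellyfin.tophermayor.com", "immich.tophermayor.com"}

# Constructed sample shaped like Traefik's GET /api/http/routers response.
SAMPLE = json.dumps([
    {"name": "authentik@docker", "rule": "Host(`auth.tophermayor.com`)"},
    {"name": "jellyfin@docker", "rule": "Host(`jellyfin.tophermayor.com`)"},
    {"name": "dashboard@file", "rule": "Host(`traefik.local.tophermayor.com`)",
     "middlewares": ["local-only@file"]},
    {"name": "wiki@docker", "rule": "Host(`wiki.example.test`)",
     "middlewares": ["authentik-auth@file"]},
    {"name": "metrics@docker", "rule": "Host(`metrics.example.test`)",
     "middlewares": ["compress@file"]},
    {"name": "catchall@file", "rule": "PathPrefix(`/`)"},
])


def hosts_in_rule(rule):
    """Return hostnames inside Host(...) matchers; other matchers yield nothing."""
    hosts = set()
    for args in re.findall(r"\bHost\(([^)]*)\)", rule):
        hosts.update(re.findall(r"`([^`]+)`", args))
    return hosts


def audit(routers):
    """List (router, reason) pairs for routers reachable without an auth gate."""
    findings = []
    for r in routers:
        mws = set(r.get("middlewares") or [])
        hosts = hosts_in_rule(r.get("rule", ""))
        # Fail closed: a router with no Host matcher is never treated as exempt.
        exempt = bool(hosts) and hosts <= EXEMPT_HOSTS
        if "authentik-auth@file" in mws and IDP_HOST in hosts:
            findings.append((r["name"], "SSO middleware on the IdP's own router"))
        elif not (mws & GATES) and not exempt:
            findings.append((r["name"], "no auth middleware"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(json.loads(SAMPLE)):
        print(f"{name}: {reason}")
```

Every host in `EXEMPT_HOSTS` relies on the application's own OAuth2 login being enforced, so that list is worth reviewing whenever a service is added to it.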