Scrublord MacBad 0ff598e8e0 Add documentation to wiki branch

- Deployment guides for TURN, Authentik, Monitoring, Element, Policies
- Task tracking (TASKS.md)
- Element desktop setup scripts for all platforms
- Installation guide

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-05-14 23:38:28 +02:00

1.6 KiB

Raw Permalink Blame History

Authentik als Identity Provider für Matrix

Status: ✅ Stage 1 Deployed (Authentik läuft)
Pending: Stage 2 (MAS Integration)
Domain: auth.axion1337.chat

Überblick

Authentik = OIDC Provider für MAS → Zentrales Login + Einladungs-basierte Registrierung.

Stage 1: Authentik Deployment

Dateien (in apps/authentik/):

namespace.yaml, helm-repo.yaml, authentik-secret.yaml (SOPS)
authentik.yaml (HelmRelease v2026.x + embedded Postgres)
certificate.yaml, ingress.yaml

Flux Kustomization: clusters/matrix/flux-system/authentik-sync.yaml

Deployment-Schritte

DNS A-Record: auth.axion1337.chat → 49.13.132.245
Pods hochfahren: kubectl get pods -n authentik -w
Authentik UI: https://auth.axion1337.chat/if/flow/initial-setup/ → Admin-Passwort setzen
OIDC Provider: Admin UI → OIDC Provider erstellen
Application: Slug matrix (wichtig für Issuer URL!)
Redirect URIs:
- https://account.axion1337.chat/upstream/callback/01KQDJTR1ZVTG8JQ220F5BNBFZ
- Post-logout: https://axion1337.chat
Client ID + Secret kopieren

Stage 2: MAS Integration

Decrypt: sops --decrypt --in-place apps/production/custom-configs/mas-secret.yaml
upstream_oauth2_config + passwords-config Blöcke hinzufügen
Encrypt: sops --encrypt --in-place ...
Commit & Push
WICHTIG: passwords: enabled: false erst nach OIDC-Test!

Einladungs-Links

Authentik Admin → Flows & Stages → Invitations → Create

Weitere Details: Siehe Kapitel 2 in diesem Projekt.

1.6 KiB Raw Permalink Blame History