Not sure if it’d fit your use case 100%, but this has been a nice middle ground solution for LE certs in my lab: https://www.certwarden.com/
I started hybrid, but luckily my boss noticed how much more productive I was when WFH. Now I only have to go in every once in a while, think it’s been about a month since my last commute. I really wish more managers/employers would warm up to this concept.
For sure! If you do end up taking it for a spin, feel free to ping me with any questions.
I’d like to encourage you to take another look at Authentik, it sounds like their Proxy Provider is exactly what you’re looking for: https://docs.goauthentik.io/docs/providers/proxy/
Authentik can certainly get complex, but only if you want/need it to. It is by far the most user-friendly IDP solution I’ve found, especially for what it offers. Their docs also have step-by-step guides for how to integrate a lot of popular self-hosted apps.
Only takes a couple mins to spin up a test environment using their Docker compose file: https://docs.goauthentik.io/docs/installation/docker-compose
Apps: SSO via Authentik where I can, unique user/pass combo via Bitwarden where I can’t (or, more realistically, don’t want to).
General infra: Unique RSA keys, sometimes Ed25519
Core infra: Yubikey
This is overkill for most, but I’m a systems engineer with a homelab, so it works well for me.
If you’re wanting to practice good security hygiene, the bare minimum would be using unique cred pairs (or at least unique passwords) per app/service, auto-filled via a proper password manager with a browser extension (like KeePassXC or Bitwarden).
Edit: On the network side, if your goal is to just do some basic internal self-hosting, there’s nothing wrong with keeping your topo mostly flat (with the exception of a separate VLAN for IoT, if applicable). Outside of that, making good use of firewalls will help you keep things pretty tight. The networking rabbit hole is a deep one, not always worth the dive unless you’re truly wanting to learn for the sake of a cert/job/etc.
https://pulpproject.org/
Does docker, pypi, apt, ansible galaxy, etc. I use it at work as part of our undercloud for OpenStack. It’s the go-to for StackHPC, too.