Use SSO where possible
Closed this issue · 1 comments
martinohmann commented
We have OIDC via authelia and we have lldap. Integrate one of the two (preferably the former) where possible to get rid of the need to manage multiple distinct identities. Also add auth to sensitive web frontends (e.g. internal ones that allow unauthenticated modifications) via nginx that don't provide it.
Possible targets:
- Grafana
- Gitops
- Home Assistant
- Home Assistant Code (admin only via nginx)
- Minio
- Longhorn (admin only via nginx)
- Kubernetes Dashboard (admin only via nginx)
- Kube Web View
- Nextcloud
- pgAdmin
- proxmox
martinohmann commented
Home Assistant is a bit more effort as I need to decide how to manage addons first.