There’s SwiftFin, but it’s been a while from the last update (iOS app was updated recently though) and there’s a number of issues. It’s usable though (I’m using it).

There’s LaserWeb but apparently it doesn’t support closed source (Chinese) firmware so you’d need to change your laser’s controller…

The only alternative I know of that goes close to what FreeIPA does (minus the cert part) is kanidm. It does:

• oauth2
• ssh key distribution
• RADIUS
• PAM/SSSD
• LDAP

I just noticed they have a beta for multimaster replication, which is nice.

I use it at home. Note, though, that it does not do any hand-holding, and all configuration is done through CLI. Also note, there are docs for the stable or dev branch and there sometimes are big differences between the two.

I mean, it is a bit rough, they’re not at 1.0 yet, also: are you looking at the stable or latest docs? That may be the reason the commands do not match with the docs.

I didn’t have any issues, do you see anything in the logs?

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

I also moved away my domains and the ones of the hackerspace I manage, mainly to:

• infomaniak (Switzerland): a bit too pushy with extra services, but not bad
• openprovider (NL): more geared towards bulk users, have to prepay (min 20€), but okay so far
• aruba: meh, but free mailboxes are nice

I also use Migadu, they have been great so far!

desec.io for DNS, also great and supported by Traefik for DNS-01 ACME challenge.

Thanks, i’m aware of the risks involved and (mostly) know what I’m doing. Right now I’m just probing for faulty caps

My UPS just died :( so I’m trying to repair it. It start beeping like it’s overloaded even with no load attached. I’m suspecting an issue around the current transformer ADC.

Apart from that, I have a TuringPi 2 loaded with SOQuartz boards to start up, I was thinking of trying kubernetes (k0s) to have some resilience for the base infra (dns resolver, dns root zone for the home domain, metrics) but I need a couple of days to start…

Maybe you could try tryton? It’s modular and you can add a lot of useful functionality for businesses, like stocks/orders etc

I’m also leaving, migrates to infomaniak as a registrar, DeSec as DNS provider and Migadu for email… no regrets!

Sure, but it’s a question of principle. I try to use and support FLOSS software if possible.

Aw man… and I was just thinking about deploying Nomad in my homelab…

I found the definition of Coordi-Nations interesting. It could also be applied to hackerspaces/hackbases. I need to look into that

Perhaps you could find some info in the translation project wiki page?

I use sops, usually with exec-env

Huh, that’s actually way better than my current setup of spamming me on Telegram every time there’s an update

Exactly this. In a federated network, the instance with the majority of users could dictate the protocol, forcing the smaller issues to continually adapt or die. See this post for a very real example of this.