throwing this one online!
No Ansible, No LDAP: How to use single sign-on for app/server access across multiple servers: https://d1.hackers.moe/notes/no-ansible-no-ldap/
i've been looking into how small-scale community hosters might benefit from using single sign-on systems not only for web logins but also for server access management
please pipe all your unconstructive opsec rants to /dev/null

-
@d1 I run some various little things and rauthy seems like it really fits this niche well. I've been thinking about trying it out so I appreciate the write-up!
-
@wronglang tysm!
that's great to hear also. good luck with it and please do consider sharing your experiences. I'd be curious how you get on
I can share configs or tips if you run into issues when setting things up and/or maintaining it
-
@d1 that's a great write-up! I've been using Yunohost as self hosted OS of choice, which abstracts away all of this to LDAP, but I keep frowning with my lack of understanding of it. Rauthy looks a great replacement with all the needed features. And the use of hiqlite makes it very interesting for horizontal scaling! Thanks for sharing
-
> the core of the problem for community hosters is that you need people with specialist skills to do this work and you don’t have a lot of those.
Yep. I have minimal sysadmin skills. I would love to run some services off a PC under a desk for a community space I'm part of, but I just don't have the skills. Do you know of any groups that support would-be community-infra creator-maintainers?
-
@semitones great! and yes, extremely valid question. i'm not sure.
did you manage to find any local groups doing self-hosting?
we are like a pretty diverse crowd running @coopcloud and people who never touched a terminal are getting stuff deployed: https://coopcloud.tech/blog/march-2026-equinox/
we (@varia) wrote some guides which might help: https://homebrewserver.club
there's a lot of stuff online but i know it's way nicer to meet people locally and do stuff together...
i can only wish you good luck with the search!
-
@d1 wow, this is pretty great! I have been looking for something like this, and even came across rauthy and PAM but it always looked much too complicated for me. Thanks a lot for this!
@jeppe if we ever get #Folkeføderation really going and need to administer SSH access to multiple servers this might be a good way to manage it.
-
rauthy looks interesting. I might even write a nixos module so I can try it out.
As an aside, despite the learning curve, i think nix is a really good fit for community hosting. Everything is way less brittle and you can almost always roll back to a working config if something goes wrong in an update.
I know it doesn't use standard sysadmin tools, but building atomic deployments with standard tools is way more complicated, I think, than learning nix.
I'm not a system administrator and as I've tried to host stuff on my laptops and such, nix has been the thing that has taken the stress out of maintaining my own stuff.
-
@benjaminlj @d1 yes looks good!