From 52d8e40348c0bc6f31e7f91b184a099d19e20c10 Mon Sep 17 00:00:00 2001
From: Pieter
Date: Tue, 20 Jan 2026 20:19:04 +0100
Subject: [PATCH] docs: Remove Zitadel references and update documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Replace all Zitadel references with Authentik in README files
- Update example configurations to use authentik instead of zitadel
- Remove reference to deleted PROJECT_REFERENCE.md
- Update clients/README.md to reflect actual available scripts
- Update secrets documentation with correct variable names
All documentation now accurately reflects current infrastructure using Authentik as the identity provider.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 README.md | 1 -
 ansible/README.md | 13 ++++++-------
 clients/README.md | 42 ++++++++++++++----------------------
 secrets/README.md | 8 ++++----
 tofu/README.md | 4 ++--
 5 files changed, 26 insertions(+), 42 deletions(-)
diff --git a/README.md b/README.md
index 18766c8..1912bf1 100644
--- a/README.md
+++ b/README.md
@@ -144,7 +144,6 @@ See [scripts/README.md](scripts/README.md) for detailed documentation.
 ## 📖 Documentation
-- **[PROJECT_REFERENCE.md](PROJECT_REFERENCE.md)** - Essential information and common operations
 - **[scripts/README.md](scripts/README.md)** - Management scripts documentation
 - **[AUTOMATION_STATUS.md](docs/AUTOMATION_STATUS.md)** - Full automation details
 - [Architecture Decision Record](docs/architecture-decisions.md) - Complete design rationale
diff --git a/ansible/README.md b/ansible/README.md
index 251c743..3cf9ab8 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -84,7 +84,7 @@ ansible/
 │ ├── common/ # Base system hardening
 │ ├── docker/ # Docker + Docker Compose
 │ ├── traefik/ # Reverse proxy
-│ ├── zitadel/ # Identity provider
+│ ├── authentik/ # Identity provider (OAuth2/OIDC SSO)
 │ ├── nextcloud/ # File sync/share
 │ └── backup/ # Restic backup
 └── group_vars/ # Group variables
@@ -120,8 +120,8 @@ Reverse proxy with automatic SSL:
 - HTTP to HTTPS redirection
 - Dashboard (optional)
-### zitadel
-Identity provider deployment (see Zitadel Agent for details)
+### authentik
+Identity provider deployment (OAuth2/OIDC SSO)
 ### nextcloud
 File sync/share deployment (see Nextcloud Agent for details)
@@ -273,10 +273,9 @@ ansible-playbook playbooks/setup.yml -vvv # Very verbose
 ## Next Steps
 After initial setup:
-1. Deploy Zitadel: Follow Zitadel Agent instructions
-2. Deploy Nextcloud: Follow Nextcloud Agent instructions
-3. Configure backups: Use `backup` role
-4. Set up monitoring: Configure Uptime Kuma
+1. Deploy applications: Run `playbooks/deploy.yml` to deploy Authentik and Nextcloud
+2. Configure backups: Use `backup` role
+3. Set up monitoring: Configure Uptime Kuma
 ## Resources
diff --git a/clients/README.md b/clients/README.md
index b6433c5..e7cdd5e 100644
--- a/clients/README.md
+++ b/clients/README.md
@@ -17,21 +17,13 @@ All scripts are located in [`../scripts/`](../scripts/):
 ### View Clients
+View the registry directly:
 ```bash
-# List all clients
-../scripts/list-clients.sh
+# View full registry
+cat registry.yml
-# Filter by status
-../scripts/list-clients.sh --status=deployed
-
-# Filter by role
-../scripts/list-clients.sh --role=canary
-
-# Different formats
-../scripts/list-clients.sh --format=table # Default
-../scripts/list-clients.sh --format=json # JSON
-../scripts/list-clients.sh --format=csv # CSV export
-../scripts/list-clients.sh --format=summary # Statistics
+# View specific client (requires yq)
+yq eval '.clients.dev' registry.yml
 ```
 ### View Client Details
@@ -48,10 +40,7 @@ The registry is **automatically updated** by deployment scripts:
 - `rebuild-client.sh` - Updates entry on rebuild
 - `destroy-client.sh` - Marks as destroyed
-For manual updates:
-```bash
-../scripts/update-registry.sh [options]
-```
+For manual updates, edit `registry.yml` directly.
 ## Registry Structure
@@ -76,20 +65,17 @@ The `dev` client has role `canary` and is used for testing:
 # 2. Verify it works
 ../scripts/client-status.sh dev
-# 3. Roll out to production
-for client in $(../scripts/list-clients.sh --role=production --format=csv | tail -n +2 | cut -d, -f1); do
- ../scripts/rebuild-client.sh "$client"
-done
+# 3. Roll out to production clients manually
+# Review registry.yml for production clients, then rebuild each one
 ```
-## Documentation
+## Registry Structure Details
-See [docs/client-registry.md](../docs/client-registry.md) for:
-- Complete registry structure reference
-- Management script usage
-- Best practices
-- Integration examples
-- Troubleshooting guide
+The `registry.yml` file uses YAML format with the following structure:
+- Complete registry structure reference in the file itself
+- Client lifecycle states and metadata
+- Server specifications and IP addresses
+- Deployment timestamps and version tracking
 ## Requirements
diff --git a/secrets/README.md b/secrets/README.md
index 3d0e7f5..45f1565 100644
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -104,7 +104,7 @@ openssl rand -base64 32
 # Random 24-character password
 openssl rand -base64 24
-# Zitadel masterkey (32-byte hex)
+# Random hex string (32-byte, 64 characters)
 openssl rand -hex 32
 ```
@@ -121,7 +121,7 @@ Ansible automatically decrypts SOPS files using the `community.sops` collection.
 - name: Use decrypted secret
 debug:
- msg: "DB Password: {{ client_secrets.zitadel_db_password }}"
+ msg: "DB Password: {{ client_secrets.authentik_db_password }}"
 ```
 **Environment variable required:**
@@ -141,9 +141,9 @@ Contains secrets shared across all infrastructure:
 ### clients/*.sops.yaml
 Per-client secrets:
-- Database passwords (Zitadel, Nextcloud)
+- Database passwords (Authentik, Nextcloud)
 - Admin passwords
-- Zitadel masterkey
+- Secret keys and tokens
 - Restic repository password
 - OIDC credentials (after generation)
diff --git a/tofu/README.md b/tofu/README.md
index 953fc46..cb59e40 100644
--- a/tofu/README.md
+++ b/tofu/README.md
@@ -67,7 +67,7 @@ clients = {
 server_type = "cx22" # 2 vCPU, 4 GB RAM - €6.25/month
 location = "fsn1" # Falkenstein, Germany
 subdomain = "test" # Will create test.your-domain.com
- apps = ["zitadel", "nextcloud"]
+ apps = ["authentik", "nextcloud"]
 }
 }
@@ -152,7 +152,7 @@ clients = {
 server_type = "cx22"
 location = "fsn1"
 subdomain = "newclient"
- apps = ["zitadel", "nextcloud"]
+ apps = ["authentik", "nextcloud"]
 }
 }
 ```