Post-Tyranny-Tech-Infrastructure

Post-X-Society/Post-Tyranny-Tech-Infrastructure

Fork 0

Commit graph

Author	SHA1	Message	Date
Pieter	c1c690c565	feat: Add complete email configuration automation This commit adds comprehensive email configuration for both Authentik and Nextcloud, integrated with Mailgun SMTP credentials. Features Added: - Mailgun role integration in deploy.yml playbook - Authentik email configuration display task - Nextcloud SMTP configuration with admin email setup - Infrastructure prerequisite checking in deploy playbook Changes: - deploy.yml: Added Mailgun role and base infrastructure check - authentik/tasks/email.yml: Display email configuration status - authentik/tasks/main.yml: Include email task when credentials exist - nextcloud/tasks/email.yml: Configure SMTP and admin email - nextcloud/tasks/main.yml: Include email task when credentials exist This ensures: ✓ Mailgun SMTP credentials are created/loaded automatically ✓ Authentik email works via docker-compose environment variables ✓ Nextcloud SMTP is configured via occ commands ✓ Admin email address is set automatically ✓ Email works immediately on new deployments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-13 10:39:26 +01:00
Pieter	a5fe631717	feat: Complete Authentik SSO integration with automated OIDC setup ## Changes ### Identity Provider (Authentik) - ✅ Deployed Authentik 2025.10.3 as identity provider - ✅ Configured automatic bootstrap with admin account (akadmin) - ✅ Fixed OIDC provider creation with correct redirect_uris format - ✅ Added automated OAuth2/OIDC provider configuration for Nextcloud - ✅ API-driven provider setup eliminates manual configuration ### Nextcloud Configuration - ✅ Fixed reverse proxy header configuration (trusted_proxies) - ✅ Added missing database indices (fs_storage_path_prefix) - ✅ Ran mimetype migrations for proper file type handling - ✅ Verified PHP upload limits (16GB upload_max_filesize) - ✅ Configured OIDC integration with Authentik - ✅ "Login with Authentik" button auto-configured ### Automation Scripts - ✅ Added deploy-client.sh for automated client deployment - ✅ Added rebuild-client.sh for infrastructure rebuild - ✅ Added destroy-client.sh for cleanup - ✅ Full deployment now takes ~10-15 minutes end-to-end ### Documentation - ✅ Updated README with automated deployment instructions - ✅ Added SSO automation workflow documentation - ✅ Added automation status tracking - ✅ Updated project reference with Authentik details ### Technical Fixes - Fixed Authentik API redirect_uris format (requires list of dicts with matching_mode) - Fixed Nextcloud OIDC command (user_oidc:provider not user_oidc:provider:add) - Fixed file lookup in Ansible (changed to slurp for remote files) - Updated Traefik to v3.6 for Docker API 1.44 compatibility - Improved error handling in app installation tasks ## Security - All credentials stored in SOPS-encrypted secrets - Trusted proxy configuration prevents IP spoofing - Bootstrap tokens auto-generated and secured ## Result Fully automated SSO deployment - no manual configuration required! 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-08 16:56:19 +01:00
Pieter	20856f7f18	Add Authentik identity provider to architecture Added Authentik as the identity provider for SSO authentication: Why Authentik: - MIT license (truly open source, most permissive) - Simple Docker Compose deployment (no manual wizards) - Lightweight Python-based architecture - Comprehensive protocol support (SAML, OAuth2/OIDC, LDAP, RADIUS) - No Redis required as of v2025.10 (all caching in PostgreSQL) - Active development and strong community Implementation: - Created complete Authentik Ansible role - Docker Compose with server + worker architecture - PostgreSQL 16 database backend - Traefik integration with Let's Encrypt SSL - Bootstrap tasks for initial setup guidance - Health checks and proper service dependencies Architecture decisions updated: - Documented comparison: Authentik vs Zitadel vs Keycloak - Explained Zitadel removal (FirstInstance bugs) - Added deployment example and configuration notes Next steps: - Update documentation (PROJECT_REFERENCE.md, README.md) - Create Authentik agent configuration - Add secrets template - Test deployment on test server 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-07 11:23:13 +01:00

Author

SHA1

Message

Date

Pieter

c1c690c565

feat: Add complete email configuration automation

This commit adds comprehensive email configuration for both Authentik
and Nextcloud, integrated with Mailgun SMTP credentials.

Features Added:
- Mailgun role integration in deploy.yml playbook
- Authentik email configuration display task
- Nextcloud SMTP configuration with admin email setup
- Infrastructure prerequisite checking in deploy playbook

Changes:
- deploy.yml: Added Mailgun role and base infrastructure check
- authentik/tasks/email.yml: Display email configuration status
- authentik/tasks/main.yml: Include email task when credentials exist
- nextcloud/tasks/email.yml: Configure SMTP and admin email
- nextcloud/tasks/main.yml: Include email task when credentials exist

This ensures:
✓ Mailgun SMTP credentials are created/loaded automatically
✓ Authentik email works via docker-compose environment variables
✓ Nextcloud SMTP is configured via occ commands
✓ Admin email address is set automatically
✓ Email works immediately on new deployments

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-13 10:39:26 +01:00

Pieter

a5fe631717

feat: Complete Authentik SSO integration with automated OIDC setup

## Changes

### Identity Provider (Authentik)
- ✅ Deployed Authentik 2025.10.3 as identity provider
- ✅ Configured automatic bootstrap with admin account (akadmin)
- ✅ Fixed OIDC provider creation with correct redirect_uris format
- ✅ Added automated OAuth2/OIDC provider configuration for Nextcloud
- ✅ API-driven provider setup eliminates manual configuration

### Nextcloud Configuration
- ✅ Fixed reverse proxy header configuration (trusted_proxies)
- ✅ Added missing database indices (fs_storage_path_prefix)
- ✅ Ran mimetype migrations for proper file type handling
- ✅ Verified PHP upload limits (16GB upload_max_filesize)
- ✅ Configured OIDC integration with Authentik
- ✅ "Login with Authentik" button auto-configured

### Automation Scripts
- ✅ Added deploy-client.sh for automated client deployment
- ✅ Added rebuild-client.sh for infrastructure rebuild
- ✅ Added destroy-client.sh for cleanup
- ✅ Full deployment now takes ~10-15 minutes end-to-end

### Documentation
- ✅ Updated README with automated deployment instructions
- ✅ Added SSO automation workflow documentation
- ✅ Added automation status tracking
- ✅ Updated project reference with Authentik details

### Technical Fixes
- Fixed Authentik API redirect_uris format (requires list of dicts with matching_mode)
- Fixed Nextcloud OIDC command (user_oidc:provider not user_oidc:provider:add)
- Fixed file lookup in Ansible (changed to slurp for remote files)
- Updated Traefik to v3.6 for Docker API 1.44 compatibility
- Improved error handling in app installation tasks

## Security
- All credentials stored in SOPS-encrypted secrets
- Trusted proxy configuration prevents IP spoofing
- Bootstrap tokens auto-generated and secured

## Result
Fully automated SSO deployment - no manual configuration required!

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-08 16:56:19 +01:00

Pieter

20856f7f18

Add Authentik identity provider to architecture

Added Authentik as the identity provider for SSO authentication:

Why Authentik:
- MIT license (truly open source, most permissive)
- Simple Docker Compose deployment (no manual wizards)
- Lightweight Python-based architecture
- Comprehensive protocol support (SAML, OAuth2/OIDC, LDAP, RADIUS)
- No Redis required as of v2025.10 (all caching in PostgreSQL)
- Active development and strong community

Implementation:
- Created complete Authentik Ansible role
- Docker Compose with server + worker architecture
- PostgreSQL 16 database backend
- Traefik integration with Let's Encrypt SSL
- Bootstrap tasks for initial setup guidance
- Health checks and proper service dependencies

Architecture decisions updated:
- Documented comparison: Authentik vs Zitadel vs Keycloak
- Explained Zitadel removal (FirstInstance bugs)
- Added deployment example and configuration notes

Next steps:
- Update documentation (PROJECT_REFERENCE.md, README.md)
- Create Authentik agent configuration
- Add secrets template
- Test deployment on test server

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-07 11:23:13 +01:00

3 commits