blumeops/docs/how-to/plans/plans.md
Erich Blume 71cb256527 Deploy Authentik identity provider (C2 Mikado) (#227)
## Summary
C2 Mikado chain for deploying Authentik as the SSO identity provider, replacing Dex.

This PR will evolve over multiple sessions. Each iteration adds documentation (prerequisite cards) and eventually code as leaf nodes are resolved.

## Current Mikado State
- **Goal:** `deploy-authentik` (active)
- **Leaf prerequisites:**
  - `build-authentik-container` — Build Nix container image
  - `provision-authentik-database` — Create PostgreSQL database on CNPG cluster
  - `create-authentik-secrets` — Create 1Password item with credentials

## Process refinements
- Updated agent-change-process with lessons from first attempt: reset code before committing cards, open PRs early

## Test plan
- [ ] `mise run docs-mikado` shows correct dependency chain
- [ ] Leaf nodes can be worked independently
- [ ] Container builds on ringtail
- [ ] Authentik starts and reaches healthy state
- [ ] Forgejo OAuth2 connector works

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/227
2026-02-20 12:55:59 -08:00

| title | modified | tags |
|-------|----------|------|
| Plans | 2026-02-20 | how-to, plans |

# Plans

Migration and transition plans for upcoming infrastructure changes. Each plan is a how-to document that captures the full context, steps, and verification criteria for a future execution session.

Plans differ from regular how-to guides in that they describe work that has been designed but not yet executed. Once a plan is completed, it moves to completed.

| Plan | Status | Description |
|------|--------|-------------|
| migrate-forgejo-from-brew | Planned | Transition Forgejo from Homebrew to source-built binary with LaunchAgent |
| add-unifi-pulumi-stack | Abandoned | Add Pulumi IaC for UniFi Express 7 (provider bugs — see doc) |
| upstream-fork-strategy | Planned | Stacked-branch forking strategy for tracking upstream projects |
| adopt-oidc-provider | Completed | Deploy OIDC identity provider for SSO across services |
| harden-zot-registry | Planned | Add authentication and tag immutability to zot registry |
| forgejo-actions-dashboard | Planned | Grafana dashboard and custom Prometheus exporter for Forgejo Actions CI metrics |
| upgrade-grafana-helm-chart | Planned | Upgrade Grafana Helm chart from 8.8.2 to 11.x (3 phases) |
| deploy-authentik | Active (C2) | Deploy Authentik IdP — Mikado chain tracked in how-to/authentik/ |
| operationalize-reolink-camera | Planned | Cloud-free NVR with Frigate, object detection, and ring buffer recording to sifaka |