blumeops/mise-tasks
Erich Blume 71cb256527 Deploy Authentik identity provider (C2 Mikado) (#227)
## Summary
C2 Mikado chain for deploying Authentik as the SSO identity provider, replacing Dex.

This PR will evolve over multiple sessions. Each iteration adds documentation (prerequisite cards) and eventually code as leaf nodes are resolved.

## Current Mikado State
- **Goal:** `deploy-authentik` (active)
- **Leaf prerequisites:**
  - `build-authentik-container` — Build Nix container image
  - `provision-authentik-database` — Create PostgreSQL database on CNPG cluster
  - `create-authentik-secrets` — Create 1Password item with credentials

## Process refinements
- Updated agent-change-process with lessons from first attempt: reset code before committing cards, open PRs early

## Test plan
- [ ] `mise run docs-mikado` shows correct dependency chain
- [ ] Leaf nodes can be worked independently
- [ ] Container builds on ringtail
- [ ] Authentik starts and reaches healthy state
- [ ] Forgejo OAuth2 connector works

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/227
2026-02-20 12:55:59 -08:00

| Task | Last commit | Date |
| --- | --- | --- |
| ai-docs | Add agent change process (C0/C1/C2) and docs-mikado tool (#225) | 2026-02-20 08:15:20 -08:00 |
| blumeops-tasks | Fix blumeops-tasks for Todoist API v1 migration (#155) | 2026-02-11 14:33:37 -08:00 |
| container-list | Nix container build for nettest (#214) | 2026-02-19 08:42:58 -08:00 |
| container-tag-and-release | Nix container build for nettest (#214) | 2026-02-19 08:42:58 -08:00 |
| dns-preview | Add plan and reference card for UniFi Express 7 Pulumi stack (#145) | 2026-02-10 15:36:13 -08:00 |
| dns-up | Add plan and reference card for UniFi Express 7 Pulumi stack (#145) | 2026-02-10 15:36:13 -08:00 |
| docs-check-filenames | Rename doc-* mise tasks to docs-check-* / docs-review-* (#113) | 2026-02-06 07:08:46 -08:00 |
| docs-check-frontmatter | Add agent change process (C0/C1/C2) and docs-mikado tool (#225) | 2026-02-20 08:15:20 -08:00 |
| docs-check-index | Rename doc-* mise tasks to docs-check-* / docs-review-* (#113) | 2026-02-06 07:08:46 -08:00 |
| docs-check-links | docs/expose-service-publicly pt2 - fly.io (#119) | 2026-02-08 00:38:27 -08:00 |
| docs-mikado | Add agent change process (C0/C1/C2) and docs-mikado tool (#225) | 2026-02-20 08:15:20 -08:00 |
| docs-review | Add docs-review task with last-reviewed frontmatter tracking (#129) | 2026-02-09 07:29:45 -08:00 |
| docs-review-stale | Rename doc-* mise tasks to docs-check-* / docs-review-* (#113) | 2026-02-06 07:08:46 -08:00 |
| docs-review-tags | Rename doc-* mise tasks to docs-check-* / docs-review-* (#113) | 2026-02-06 07:08:46 -08:00 |
| ensure-k3s-ringtail-kubectl-config | Add k3s, 1Password Connect, and systemd nix-container-builder to ringtail (#209) | 2026-02-18 21:15:30 -08:00 |
| ensure-minikube-indri-kubectl-config | P5.1: Migrate minikube from podman to QEMU2 driver (#38) | 2026-01-21 16:03:37 -08:00 |
| fly-deploy | Add Fly.io public reverse proxy for docs.eblu.me (#120) | 2026-02-08 02:36:19 -08:00 |
| fly-setup | Expose CV publicly at cv.eblu.me (#173) | 2026-02-12 14:05:00 -08:00 |
| fly-shutoff | Add Fly.io public reverse proxy for docs.eblu.me (#120) | 2026-02-08 02:36:19 -08:00 |
| indri-runner-logs | Add Caddy layer4 for Forgejo SSH (#56) | 2026-01-25 11:37:23 -08:00 |
| op-backup | Add how-to guide for restoring 1Password backup from borgmatic (#141) | 2026-02-10 10:55:00 -08:00 |
| pr-comments | Add Caddy layer4 for Forgejo SSH (#56) | 2026-01-25 11:37:23 -08:00 |
| provision-indri | Set MISE_TASK_OUTPUT=interleave in provision-indri | 2026-01-14 14:15:11 -08:00 |
| provision-ringtail | Fix provision-ringtail ls-remote matching with mirror refs | 2026-02-18 21:22:46 -08:00 |
| provision-sifaka | Operations and observability for sifaka NAS (#135) | 2026-02-09 17:44:05 -08:00 |
| service-review | Add service version review system (#196) | 2026-02-16 17:02:56 -08:00 |
| services-check | Deploy Authentik identity provider (C2 Mikado) (#227) | 2026-02-20 12:55:59 -08:00 |
| tailnet-preview | Add plan and reference card for UniFi Express 7 Pulumi stack (#145) | 2026-02-10 15:36:13 -08:00 |
| tailnet-up | Add plan and reference card for UniFi Express 7 Pulumi stack (#145) | 2026-02-10 15:36:13 -08:00 |