Erich Blume
d21798b1f3
## Summary - Create Dex reference card (`docs/reference/services/dex.md`) with quick reference, architecture, identity source, storage, OIDC clients, secrets, and endpoints - Write federated login explanation article (`docs/explanation/federated-login.md`) covering the Dex + Forgejo two-layer auth model, login flow, and break-glass access - Add Dex to `services-check` (HTTP health endpoint + k3s pod check) - Update Grafana docs with new Authentication section documenting SSO via Dex - Update Forgejo docs with OAuth2 Provider section documenting its role as upstream identity source - Add Dex to ringtail workloads table and reference service index - Move `adopt-oidc-provider` plan to `completed/` with final design reflecting actual implementation ## Test plan - [ ] `mise run services-check` passes (includes new Dex checks) - [ ] `docs-check-links` passes (all wiki-links resolve) - [ ] `docs-check-index` passes (new docs are indexed) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/223
25 lines
601 B
Markdown
25 lines
601 B
Markdown
---
|
|
title: Explanation
|
|
modified: 2026-02-10
|
|
last-reviewed: 2026-02-10
|
|
tags:
|
|
- explanation
|
|
---
|
|
|
|
# Explanation
|
|
|
|
Understanding-oriented content explaining the "why" behind BlumeOps design decisions.
|
|
|
|
## Philosophy
|
|
|
|
| Article | Description |
|
|
|---------|-------------|
|
|
| [[why-gitops]] | Why infrastructure-as-code and GitOps for a homelab |
|
|
|
|
## Design
|
|
|
|
| Article | Description |
|
|
|---------|-------------|
|
|
| [[architecture]] | How all the pieces fit together |
|
|
| [[federated-login]] | How SSO works across BlumeOps (Dex + Forgejo) |
|
|
| [[security-model]] | Network security, secrets, and access control |
|