Erich Blume 07fb48626d Add Authentik SSO integration for Jellyfin (#239) ... ## Summary - Add Authentik OIDC provider + application for Jellyfin via blueprint (all authenticated users allowed, no policy binding) - Wire `jellyfin-client-secret` through ExternalSecret and Authentik worker deployment - Install [jellyfin-plugin-sso](https://github.com/9p4/jellyfin-plugin-sso) v4.0.0.3 via Ansible, with OIDC config template - Authentik `admins` group maps to Jellyfin administrator role - Local login left enabled; SSO is additive ## Deployment and Testing - [ ] Sync ArgoCD `authentik` app on branch — verify provider + application appear in Authentik admin - [ ] `mise run provision-indri -- --tags jellyfin --check --diff` (dry run) - [ ] `mise run provision-indri -- --tags jellyfin` (deploy plugin + config) - [ ] Test SSO flow: `https://jellyfin.ops.eblu.me/sso/OID/start/authentik` - [ ] Verify `eblume` account auto-links via `preferred_username` match - [ ] Verify admins group → Jellyfin admin - [ ] Reset ArgoCD app revision to main after merge 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/239		2026-02-21 20:05:44 -08:00
..
changelog.d	Add Authentik SSO integration for Jellyfin (#239)	2026-02-21 20:05:44 -08:00
explanation	Integrate Forgejo with Authentik OIDC (#228)	2026-02-20 17:39:50 -08:00
how-to	Docs pass: update zot Mikado chain for completion	2026-02-21 15:32:34 -08:00
reference	Docs pass: update zot Mikado chain for completion	2026-02-21 15:32:34 -08:00
tutorials	Adopt commit-based container tags (#232)	2026-02-20 22:56:20 -08:00
index.md	Fix frontmatter field name for Quartz date display (#158)	2026-02-11 16:45:12 -08:00
quartz.config.ts	Move zk cards to docs/zk/ for documentation restructuring (#84)	2026-02-03 09:13:50 -08:00
quartz.layout.ts	Move zk cards to docs/zk/ for documentation restructuring (#84)	2026-02-03 09:13:50 -08:00