Erich Blume
d21798b1f3
## Summary - Create Dex reference card (`docs/reference/services/dex.md`) with quick reference, architecture, identity source, storage, OIDC clients, secrets, and endpoints - Write federated login explanation article (`docs/explanation/federated-login.md`) covering the Dex + Forgejo two-layer auth model, login flow, and break-glass access - Add Dex to `services-check` (HTTP health endpoint + k3s pod check) - Update Grafana docs with new Authentication section documenting SSO via Dex - Update Forgejo docs with OAuth2 Provider section documenting its role as upstream identity source - Add Dex to ringtail workloads table and reference service index - Move `adopt-oidc-provider` plan to `completed/` with final design reflecting actual implementation ## Test plan - [ ] `mise run services-check` passes (includes new Dex checks) - [ ] `docs-check-links` passes (all wiki-links resolve) - [ ] `docs-check-index` passes (new docs are indexed) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/223
601 B
601 B
| title | modified | last-reviewed | tags | |
|---|---|---|---|---|
| Explanation | 2026-02-10 | 2026-02-10 |
|
Explanation
Understanding-oriented content explaining the "why" behind BlumeOps design decisions.
Philosophy
| Article | Description |
|---|---|
| why-gitops | Why infrastructure-as-code and GitOps for a homelab |
Design
| Article | Description |
|---|---|
| architecture | How all the pieces fit together |
| federated-login | How SSO works across BlumeOps (Dex + Forgejo) |
| security-model | Network security, secrets, and access control |