eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/how-to/plans/plans.md
Erich Blume d21798b1f3 Document Dex OIDC and add services-check integration (#223) 
## Summary
- Create Dex reference card (`docs/reference/services/dex.md`) with quick reference, architecture, identity source, storage, OIDC clients, secrets, and endpoints
- Write federated login explanation article (`docs/explanation/federated-login.md`) covering the Dex + Forgejo two-layer auth model, login flow, and break-glass access
- Add Dex to `services-check` (HTTP health endpoint + k3s pod check)
- Update Grafana docs with new Authentication section documenting SSO via Dex
- Update Forgejo docs with OAuth2 Provider section documenting its role as upstream identity source
- Add Dex to ringtail workloads table and reference service index
- Move `adopt-oidc-provider` plan to `completed/` with final design reflecting actual implementation

## Test plan
- [ ] `mise run services-check` passes (includes new Dex checks)
- [ ] `docs-check-links` passes (all wiki-links resolve)
- [ ] `docs-check-index` passes (new docs are indexed)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/223
2026-02-19 20:44:23 -08:00

1.4 KiB
Raw Blame History

title modified tags
Plans 2026-02-14
how-to
plans

Plans

Migration and transition plans for upcoming infrastructure changes. Each plan is a how-to document that captures the full context, steps, and verification criteria for a future execution session.

Plans differ from regular how-to guides in that they describe work that has been designed but not yet executed. Once a plan is completed, it moves to completed.

Plan Status Description
migrate-forgejo-from-brew Planned Transition Forgejo from Homebrew to source-built binary with LaunchAgent
add-unifi-pulumi-stack Abandoned Add Pulumi IaC for UniFi Express 7 (provider bugs — see doc)
upstream-fork-strategy Planned Stacked-branch forking strategy for tracking upstream projects
adopt-oidc-provider Completed Deploy OIDC identity provider for SSO across services
harden-zot-registry Planned Add authentication and tag immutability to zot registry
forgejo-actions-dashboard Planned Grafana dashboard and custom Prometheus exporter for Forgejo Actions CI metrics
upgrade-grafana-helm-chart Planned Upgrade Grafana Helm chart from 8.8.2 to 11.x (3 phases)
operationalize-reolink-camera Planned Cloud-free NVR with Frigate, object detection, and ring buffer recording to sifaka