nix-config/hosts/auth/README.md

# Design

We are using [portunus](https://github.com/majewsky/portunus) to manage an OpenLDAP server
and currently [dex](https://dexidp.io/) to offer OIDC.
Dex might be replaced in the future with an equivalent solution that can remember sessions to have true SSO.
New services should use OAuth/OIDC if possible to lay the groundwork for SSO.
If the application only support LDAP, that is also fine to use.

# How to use it

See the grafana configuration to see an example on how to use OAuth.
To create a new application edit the dex configuration next to portunus.
The aplication credentials are saved in sops.

For an exmaple ldap configuration see the gitea, hydra or mail.
The ldap settings are documented in portunus in detail.
To connect to `auth.c3d2.de` the nixos-modules option `services.portunus.addToHosts` should be set to true.
Add some documentation 2022-12-25 23:57:01 +01:00			`# Design`

			`We are using [portunus](https://github.com/majewsky/portunus) to manage an OpenLDAP server`
			`and currently [dex](https://dexidp.io/) to offer OIDC.`
			`Dex might be replaced in the future with an equivalent solution that can remember sessions to have true SSO.`
			`New services should use OAuth/OIDC if possible to lay the groundwork for SSO.`
			`If the application only support LDAP, that is also fine to use.`

			`# How to use it`

			`See the grafana configuration to see an example on how to use OAuth.`
			`To create a new application edit the dex configuration next to portunus.`
			`The aplication credentials are saved in sops.`

The big mail bang 2024-04-12 20:37:42 +02:00			`For an exmaple ldap configuration see the gitea, hydra or mail.`
Add some documentation 2022-12-25 23:57:01 +01:00			`The ldap settings are documented in portunus in detail.`
			To connect to `auth.c3d2.de` the nixos-modules option `services.portunus.addToHosts` should be set to true.