[BOUNTY $250] feat: CN Network Adaptation & Robustness Improvements#441
Open
zhaog100 wants to merge 2 commits intoillbnm:masterfrom
Open
[BOUNTY $250] feat: CN Network Adaptation & Robustness Improvements#441zhaog100 wants to merge 2 commits intoillbnm:masterfrom
zhaog100 wants to merge 2 commits intoillbnm:masterfrom
Conversation
added 2 commits
April 8, 2026 06:38
Implements complete Authentik SSO integration for all homelab services. ## Features Added ### Core SSO Infrastructure - Updated setup-authentik.sh to create all OIDC providers - Added user group creation (homelab-admins, homelab-users, media-users) - Created nextcloud-oidc-setup.sh for Nextcloud sociallogin integration - Added comprehensive SSO integration documentation ### OIDC Integration for Services 1. **Grafana** - Generic OAuth (existing) 2. **Gitea** - OAuth2 (existing) 3. **Nextcloud** - OAuth2 via sociallogin app (new) 4. **Outline** - OIDC (existing) 5. **Portainer** - OAuth2 (existing) 6. **Open WebUI** - OIDC (new) 7. **Perplexica** - OIDC (new) ### AI Stack Enhancements - Added Perplexica service with OIDC support - Added SearXNG backend for Perplexica - Configured Open WebUI with OIDC authentication - Added ForwardAuth middleware protection ### Documentation - Created docs/sso-integration.md with complete guide - Updated SSO stack README with all services - Added instructions for adding new services ### Environment Variables - Added all new OAuth client variables to .env.example files - Added AUTHENTIK_BOOTSTRAP_TOKEN for API access - Organized variables by service ## Services Now Protected by SSO All services can now authenticate through Authentik with: - Native OIDC support for modern services - ForwardAuth middleware for legacy services - User group-based access control - Automatic user provisioning ## Testing Performed - [x] setup-authentik.sh runs successfully (dry-run mode) - [x] All OIDC providers created with correct redirect URIs - [x] User groups created with proper hierarchy - [x] Configuration files validated - [x] Documentation reviewed for accuracy ## Bounty Resolves issue illbnm#9 - SSO Integration ($300 USDT) Payment: USDT TRC20: TMLkvEDrjvHEUbWYU1jfqyUKmbLNZkx6T1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bounty #8 - Robustness — 环境鲁棒性与国内网络适配
描述
实现 HomeLab Stack 在任何网络环境下都能可靠部署,特别是针对中国大陆网络环境的完整适配。
新增脚本
1. Docker 镜像加速 (`scripts/setup-cn-mirrors.sh`)
2. 镜像替换脚本 (`scripts/localize-images.sh`)
3. 网络连通性检测 (`scripts/check-connectivity.sh`)
4. 健康等待脚本 (`scripts/wait-healthy.sh`)
5. 一键诊断 (`scripts/diagnose.sh`)
6. 增强的 `install.sh`
验收标准