Hackeriet

User Tools

Site Tools

You are here: start » infra » services » hacker-id
infra:services:hacker-id

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infra:services:hacker-id [2025/08/02 04:10] – [Changing account name/display name/email] d404d_idp.hackeriet.noinfra:services:hacker-id [2025/08/13 21:24] (current) – [System setup] d404d_idp.hackeriet.no
Line 47: Line 47:
  
 <WRAP center round alert 60%> <WRAP center round alert 60%>
-Note that some applications (e.gNetbox and Wikiwill not automatically update your profile data (e.gusername/email)but they WILL give you the same account on logon through SSO after such IDP changes.+Mobilizon (events.hackeriet.nouses your EMAIL for account bindingsIt does not seem like we can change this. 
 + 
 +Please get someone to help you with updating your email in Mobilizon in order to avoid losing access to your account. 
 + 
 +When changing emails, you should keep your old primary email on-account as a secondary email.
 </WRAP> </WRAP>
  
 +<WRAP center round important 60%>
 +Note that some applications (e.g. Netbox and Wiki) will not automatically update your profile data (e.g. username/email), but they WILL give you the same account on logon through SSO after such IDP changes.
 +</WRAP>
  
 You can also rename and update your account profile using the CLI: You can also rename and update your account profile using the CLI:
Line 69: Line 76:
 | ''service-dokuwiki-admins'' | ''hackeriet-styret'' | Administrative access to Dokuwiki | | ''service-dokuwiki-admins'' | ''hackeriet-styret'' | Administrative access to Dokuwiki |
 | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki | | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki |
 +| ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad.hackeriet.no |
 | ''service-idp-sysops'' | ''d404d@idp.hackeriet.no'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) | | ''service-idp-sysops'' | ''d404d@idp.hackeriet.no'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) |
-| ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad2.hackeriet.no |+| ''service-librenms-users'' | ''nettlaug-operators'' | Logon rights to nms.hackeriet.no |
 | ''service-netbox-staff'' | ''nettlaug-operators'' | Django staff rights in Netbox | | ''service-netbox-staff'' | ''nettlaug-operators'' | Django staff rights in Netbox |
 | ''service-netbox-superusers'' | ''nettlaug-operators'' | Django superuser rights in Netbox | | ''service-netbox-superusers'' | ''nettlaug-operators'' | Django superuser rights in Netbox |
Line 149: Line 157:
   * Located in ''/srv/kanidm''   * Located in ''/srv/kanidm''
     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm
 +    * [[https://ip.hackeriet.no/ipam/prefixes/48/prefixes/|Dedicated v6 subnet]] defined in compose and in /etc/docker/daemon.json in order for XFF mapping to work properly
     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)
     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening
/srv/hackeriet-wiki/dokuwiki/data/attic/infra/services/hacker-id.1754107808.txt.gz · Last modified: by d404d_idp.hackeriet.no