infra:services:hacker-id

Differences

This shows you the differences between two versions of the page.

infra:services:hacker-id [2025/08/06 23:40] d404d_idp.hackeriet.no
infra:services:hacker-id [2025/08/13 21:24] (current) – [System setup] d404d_idp.hackeriet.no
Line 47: Line 47:
  
 <WRAP center round alert 60%> <WRAP center round alert 60%>
 +Mobilizon (events.hackeriet.no) uses your EMAIL for account bindings. It does not seem like we can change this.
 +
 +Please get someone to help you with updating your email in Mobilizon in order to avoid losing access to your account.
 +
 +When changing emails, you should keep your old primary email on-account as a secondary email.
 +</WRAP>
 +
 +<WRAP center round important 60%>
 Note that some applications (e.g. Netbox and Wiki) will not automatically update your profile data (e.g. username/email), but they WILL give you the same account on logon through SSO after such IDP changes. Note that some applications (e.g. Netbox and Wiki) will not automatically update your profile data (e.g. username/email), but they WILL give you the same account on logon through SSO after such IDP changes.
 </WRAP> </WRAP>
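Review bot: The new Mobilizon alert says "Please get someone to help you" but names neither a contact nor an order of operations. State which group or role can update the email in Mobilizon, and whether that update has to happen before or after the email is changed in Hacker-ID, since the alert itself says a mismatch costs the user their account. Because Mobilizon binds accounts by email, it is also worth saying how long the old address should stay on the account as a secondary email and what happens to the binding once it is removed.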
Line 68: Line 76:
 | ''service-dokuwiki-admins'' | ''hackeriet-styret'' | Administrative access to Dokuwiki | | ''service-dokuwiki-admins'' | ''hackeriet-styret'' | Administrative access to Dokuwiki |
 | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki | | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki |
-| ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad2.hackeriet.no |+| ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad.hackeriet.no |
 | ''service-idp-sysops'' | ''d404d@idp.hackeriet.no'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) | | ''service-idp-sysops'' | ''d404d@idp.hackeriet.no'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) |
 | ''service-librenms-users'' | ''nettlaug-operators'' | Logon rights to nms.hackeriet.no | | ''service-librenms-users'' | ''nettlaug-operators'' | Logon rights to nms.hackeriet.no |
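Review bot: The ''service-hedgedoc-users'' row now grants logon to pad.hackeriet.no instead of pad2.hackeriet.no, with no note on what became of the old hostname. If pad2.hackeriet.no is retired, say so here or in the edit summary, and check the rest of the page for remaining pad2 references so the group description and the service's actual SSO endpoint stay in agreement.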
Line 149: Line 157:
   * Located in ''/srv/kanidm''   * Located in ''/srv/kanidm''
     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm
 +    * [[https://ip.hackeriet.no/ipam/prefixes/48/prefixes/|Dedicated v6 subnet]] defined in compose and in /etc/docker/daemon.json in order for XFF mapping to work properly
     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)
     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening
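Review bot: The added bullet on the dedicated v6 subnet links to the IPAM entry but gives neither the prefix nor the settings involved in compose and /etc/docker/daemon.json, so the setup cannot be rebuilt from this page alone. Suggest adding the prefix inline and one line on what "XFF mapping" depends on here, namely which proxy address Kanidm accepts X-Forwarded-For from, because the client addresses Kanidm records are only as trustworthy as that setting. Minor style point: the path should use the same ''monospace'' markup as ''/srv/kanidm'' above it.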
/srv/hackeriet-wiki/dokuwiki/data/attic/infra/services/hacker-id.1754523635.txt.gz · Last modified: by d404d_idp.hackeriet.no