infra:services:hacker-id

Previous revision: infra:services:hacker-id [2025/08/07 20:14] d404d_idp.hackeriet.no
Current revision: infra:services:hacker-id [2026/03/17 14:51] (current) – [Hacker-ID capable services] d404d_idp.hackeriet.no
Line 25: Line 25:
 All services enrolled into Hacker-ID are documented using tags in Netbox: All services enrolled into Hacker-ID are documented using tags in Netbox:
   * [[https://ip.hackeriet.no/extras/tags/10/|Hacker-ID: LDAP]] -- Not currently implemented   * [[https://ip.hackeriet.no/extras/tags/10/|Hacker-ID: LDAP]] -- Not currently implemented
-  * [[https://ip.hackeriet.no/extras/tags/8/|Hacker-ID: RADIUS]] -- Not currently implemented+  * [[https://ip.hackeriet.no/extras/tags/8/|Hacker-ID: RADIUS]] -- Select Nettlauget infrastructure
   * [[https://ip.hackeriet.no/extras/tags/6/|Hacker-ID: SSH]] -- SSH daemon reads authorized keys from Hacker-ID   * [[https://ip.hackeriet.no/extras/tags/6/|Hacker-ID: SSH]] -- SSH daemon reads authorized keys from Hacker-ID
   * [[https://ip.hackeriet.no/extras/tags/7/|Hacker-ID: SSO]] -- OpenID/OAuth2 authentication flow   * [[https://ip.hackeriet.no/extras/tags/7/|Hacker-ID: SSO]] -- OpenID/OAuth2 authentication flow
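Review bot: the new RADIUS description "Select Nettlauget infrastructure" names who uses the integration but no longer says what it does, unlike the neighbouring SSH and SSO entries ("SSH daemon reads authorized keys from Hacker-ID", "OpenID/OAuth2 authentication flow"). Suggest keeping the same form, i.e. what the RADIUS service reads from Hacker-ID and which logins it authenticates, and relying on the Netbox tag page for the list of enrolled devices.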
Line 77: Line 77:
 | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki | | ''service-dokuwiki-users'' | ''hackeriet-styret'' | Login as regular users to Dokuwiki |
 | ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad.hackeriet.no | | ''service-hedgedoc-users'' | ''nettlaug-operators'' | Logon rights to pad.hackeriet.no |
-| ''service-idp-sysops'' | ''d404d@idp.hackeriet.no'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) |+| ''service-idp-sysops'' | ''service-idp-sysops'' | Administrative privileges to Hacker-ID (Kanidm, SSH, sudo, and docker) |
 | ''service-librenms-users'' | ''nettlaug-operators'' | Logon rights to nms.hackeriet.no | | ''service-librenms-users'' | ''nettlaug-operators'' | Logon rights to nms.hackeriet.no |
 | ''service-netbox-staff'' | ''nettlaug-operators'' | Django staff rights in Netbox | | ''service-netbox-staff'' | ''nettlaug-operators'' | Django staff rights in Netbox |
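Review bot: in the ''service-idp-sysops'' row the second column changed from ''d404d@idp.hackeriet.no'' to ''service-idp-sysops'', so the group is now listed as its own member, while every other row names a distinct group (''hackeriet-styret'', ''nettlaug-operators''). If the intent was to stop naming an individual account in the wiki, the cell should name the group or role whose members receive these rights; as written the table no longer records who holds administrative privileges over Kanidm, SSH, sudo and docker, which is the mapping this table exists to document.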
Line 157: Line 157:
   * Located in ''/srv/kanidm''   * Located in ''/srv/kanidm''
     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm
 +    * [[https://ip.hackeriet.no/ipam/prefixes/48/prefixes/|Dedicated v6 subnet]] defined in compose and in /etc/docker/daemon.json in order for XFF mapping to work properly
     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)
     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening
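Review bot: the added "Dedicated v6 subnet" line says the prefix is defined both in compose and in /etc/docker/daemon.json but not which settings hold it in each place or why both copies are needed for XFF mapping to work. Suggest quoting (or linking to) the relevant daemon.json keys and the compose network block, so that someone changing one copy of the prefix knows the other must be kept in sync, and stating which source Traefik trusts the forwarded header from, since a mismatch would leave Kanidm logging the container address instead of the client's.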
/srv/hackeriet-wiki/dokuwiki/data/attic/infra/services/hacker-id.1754597652.txt.gz · Last modified: by d404d_idp.hackeriet.no