throwing this one online!

No Ansible, No LDAP: How to use single sign-on for app/server access across multiple servers: https://d1.hackers.moe/notes/no-ansible-no-ldap/

i've been looking into how small-scale community hosters might benefit from using single sign-on systems not only for web logins but also for server access management

please pipe all your unconstructive opsec rants to /dev/null 🙏

@d1 I run some various little things and rauthy seems like it really fits this niche well. I've been thinking about trying it out so I appreciate the write-up!

@wronglang tysm!

that's great to hear also. good luck with it and please do consider sharing your experiences. I'd be curious how you get on ☺️

I can share configs or tips if you run into issues when setting things up and/or maintaining it

@d1 that's a great write-up! I've been using Yunohost as self hosted OS of choice, which abstracts away all of this to LDAP, but I keep frowning with my lack of understanding of it. Rauthy looks a great replacement with all the needed features. And the use of hiqlite makes it very interesting for horizontal scaling! Thanks for sharing

@d1

> the core of the problem for community hosters is that you need people with specialist skills to do this work and you don’t have a lot of those.

Yep. I have minimal sysadmin skills. I would love to run some services off a PC under a desk for a community space I'm part of, but I just don't have the skills. Do you know of any groups that support would-be community-infra creator-maintainers?

@semitones great! and yes, extremely valid question. i'm not sure.

did you manage to find any local groups doing self-hosting?

we are like a pretty diverse crowd running @coopcloud and people who never touched a terminal are getting stuff deployed: https://coopcloud.tech/blog/march-2026-equinox/

we (@varia) wrote some guides which might help: https://homebrewserver.club

there's a lot of stuff online but i know it's way nicer to meet people locally and do stuff together...

i can only wish you good luck with the search!

@d1 @varia @coopcloud I don't know of anyone doing it locally, but I might be in a position to help start something. I just have a lot of questions.

@semitones @varia @coopcloud share your questions when they come up and we can try to help ☺️

@d1 @varia @coopcloud My first question is: if I want to set up Yunohost for a community to use, can it be done safely over the internet, or should I require everyone to log in via tailscale to use it? (Yunohost or any hosted service)

@semitones my 2c would be: prioritise your own learning trajectory. setting up a vpn is harder to do and you're just getting started

set up your yunohost and put "simple" stuff on it like an etherpad for typing stuff together or a file sharing thing. you can also put all services behind the yunohost login

let people know you're learning and that they can read this https://homebrewserver.club/#embrace-the-feminist-server-manifesto 😛

@d1 I already use tailscale and yunohost myself, I just don't know if it is realistic to ask other users to also make an account on tailscale (and grant them access to my network) or if yunohost is safe enough exposed directly to the internet. I'm leaning towards option two.

@semitones ah ok, yeh, it should be totally fine! ofc there are all sorts of bots and scrapers etc. etc. but yunohost manages fail2ban for you and blocks weird stuff like e.g. someone trying to brute force an ssh login

@d1 wow, this is pretty great! I have been looking for something like this, and even came across rauthy and PAM but it always looked much too complicated for me. Thanks a lot for this!

@jeppe if we ever get #Folkeføderation really going and need to administer SSH access to multiple servers this might be a good way to manage it.