32 Followers
171 Following
1.2K Posts

Software Engineer, mainly of infra/sre/devops things.
Passionate about Privacy and Security.
Believer in and proponent of Open Source, Open Knowledge and openness in general.

D&D fan, curious about other RPGs, Dungeon Keeper by default.

Co-parent of two cats and a dog.

#NoBot

Profile picture ALT: Photo of a bronze coloured cat with tiger like black stripes stretching belly up on a blue pillow. The pillow depicts two foxes in a circle forming a yin and yang symbol inspired pose.

Header picture ALT: Photo of the same cat as in the profile picture sleeping on a beige bench pillow. His head is leaning on a pillow with a forest and birds décor.

Pronouns: He/Him
@Jacob_Wren how I live my life and didn't even know
Be the elephant you wish to see in the room.
this shit is why i do not ever configure network access on 'smart' appliances
One of my radical lefty extremist positions is the belief that when we realize something is bad for people or society we should stop subsidizing that thing immediately.

hello, last year an academic engineering reviewer said my developer open science project on identity threat and belonging was "too much psychology for a software audience" and now my ebook is a #1 seller in COMPUTERS

POST ARMY RISE

https://www.drcathicks.com/#book

It takes inhuman amounts of strength to remain soft after years of hardship

But if nothing else, you deserve it. They already took enough from you, don't let them take your kindness too

@tyrthecat if you are already familiar and comfortable with oauth2-proxy, then I guess the next question is whether you want to be WebAuthn/passkey only, in which case PocketID; if not, if you want a prettier interface then Authelia, if managing via CLI then Kanidm.
Also, check out Caddy, I believe it can be made to have in one place both the web server and, via OIDC integration, a replacement for oauth2-proxy.

@viq thank you, this is very helpful information.

I expect I'll want to play with the larger systems at some point but I'd like to find something smaller for the foreseeable future.

@viq thanks for the info.

Really all I want is something to put in front of my home server for myself and my husband (Nextcloud, a password manager, Wallabag, Jellyfin) and a virtual tabletop (FoundryVTT) for my TTRPG group (about 6 people).

Right now I'm using oauth2-proxy backed by Google accounts, which works OK but is not very flexible:

  • I had to create a Google App and I added people as test accounts (because I'm not going through reviews just to auth 6 people).
  • Adding people means changes in the Google console + config files.
  • They have to have a Google account they can give me.
  • I had to code my own set of rules so the HTTP proxy allows users only for the apps I want them to use (oauth2-proxy is a yes-or-no kind of deal).
  • And after all that every app has its own users on top.

I really like the authentication at the proxy level personally, because I can block all traffic to (some) apps if you are not authenticated, but the rest feels incomplete and inconsistent.

And I would like something that allows MFA with TOTP/Yubikey for some people/apps.
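The per-app rules and the "MFA for some people/apps" wish in the post above are, at the proxy level, one small policy decision per request. The following is an added example written for this thread, not code from oauth2-proxy, Authelia, PocketID, Kanidm or Caddy: a forward-auth style check that receives the identity the proxy already established, looks up the requested app, and answers allow, step-up required, or deny. The hostnames, users, groups and the X-Auth-MFA header are constructed for the example; the X-Forwarded-* header names follow the common convention.

```python
# Added example (not from any of the projects named in the thread): a minimal
# forward-auth policy check of the kind the post describes writing by hand.
# The proxy authenticates the user and forwards the request headers here;
# this code decides per app whether to allow, demand a second factor, or deny.
# Hostnames, users and groups below are constructed for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset
    mfa_done: bool  # True once this session completed a TOTP/FIDO step-up


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    require_mfa: bool = False


# One entry per app behind the proxy; anything not listed is denied by default.
POLICIES = {
    "nextcloud.home.example": AppPolicy(frozenset({"family"})),
    "vault.home.example": AppPolicy(frozenset({"family"}), require_mfa=True),
    "wallabag.home.example": AppPolicy(frozenset({"family"})),
    "jellyfin.home.example": AppPolicy(frozenset({"family"})),
    "vtt.home.example": AppPolicy(frozenset({"family", "ttrpg"})),
}

# Constructed directory of who belongs to which group.
USERS = {
    "alice": frozenset({"family"}),
    "bob": frozenset({"family", "ttrpg"}),
    "carol": frozenset({"ttrpg"}),
}


def authorize(identity: Identity, host: str) -> str:
    """Return 'allow', 'mfa_required' or 'deny' for one request.

    Order matters: an unknown host or a user outside the app's groups is
    denied before MFA is considered, so the step-up prompt never reveals
    which apps exist to someone who may not use them.
    """
    policy = POLICIES.get(host)
    if policy is None:
        return "deny"
    if not (identity.groups & policy.allowed_groups):
        return "deny"
    if policy.require_mfa and not identity.mfa_done:
        return "mfa_required"
    return "allow"


def forward_auth(headers: dict) -> int:
    """Map the proxy's forwarded headers to the HTTP status a forward-auth
    endpoint returns: 200 pass through, 401 needs (more) authentication,
    403 denied. X-Auth-MFA is an assumed header for this example, not a
    standard; a real proxy would carry the MFA claim in its session."""
    user = headers.get("X-Forwarded-User")
    host = headers.get("X-Forwarded-Host", "")
    if user is None or user not in USERS:
        return 401  # not authenticated at all: the proxy should start login
    identity = Identity(user, USERS[user], headers.get("X-Auth-MFA") == "1")
    decision = authorize(identity, host)
    return {"allow": 200, "mfa_required": 401, "deny": 403}[decision]


if __name__ == "__main__":
    # Constructed requests covering the allow, step-up, deny and anonymous paths.
    for hdrs in (
        {"X-Forwarded-User": "alice", "X-Forwarded-Host": "nextcloud.home.example"},
        {"X-Forwarded-User": "alice", "X-Forwarded-Host": "vault.home.example"},
        {"X-Forwarded-User": "alice", "X-Forwarded-Host": "vault.home.example", "X-Auth-MFA": "1"},
        {"X-Forwarded-User": "carol", "X-Forwarded-Host": "nextcloud.home.example"},
        {"X-Forwarded-User": "carol", "X-Forwarded-Host": "vtt.home.example"},
        {"X-Forwarded-Host": "jellyfin.home.example"},
    ):
        print(hdrs.get("X-Forwarded-User", "<anon>"), hdrs.get("X-Forwarded-Host"), forward_auth(hdrs))
```

The deny-by-default map is what makes "block all traffic to some apps unless authenticated" hold even when a new app is added and forgotten in the policy; the per-app require_mfa flag is the step-up the post asks for, applied to the password manager here and nowhere else.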

@viq what do you mean by "And bounced right off of all the options."?

I'm interested in simple identity management/SSO for my self-hosted server so very curious about the limitations of each option.