The only alternative I know of that goes close to what FreeIPA does (minus the cert part) is kanidm. It does:

• oauth2
• ssh key distribution
• RADIUS
• PAM/SSSD
• LDAP

I just noticed they have a beta for multimaster replication, which is nice.

I use it at home. Note, though, that it does not do any hand-holding, and all configuration is done through CLI. Also note, there are docs for the stable or dev branch and there sometimes are big differences between the two.

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

Hey there! I’m also a fellow Reddit expat, deleted my logins in the day the API limits went into effect. I’m also coming from a long pause in activity, I’m planning to try some SOTA once the weather gets a bit warmer. I’m the proud owner of a IC-706mk2G with a couple of blown caps (I really hope the FETs are okay) and a bunch of handhelds. 73 de IV3BSI

I think you can create a group for friends and a group for family. If you want more separation I think Authentik handles multi-tenancy as well

Saving this for all my future pro-systemd flames, thank you!

It’s a bit chaotic, and they try to force you to pay for other stuff in the process, but the prices were not that far off from other registrars. Note that I use DeSEC for the actual nameservers though.

I’ve moved mine to Infomaniak (Switzerland), no complaints so far!

Maybe you could try tryton? It’s modular and you can add a lot of useful functionality for businesses, like stocks/orders etc

I’m also leaving, migrates to infomaniak as a registrar, DeSec as DNS provider and Migadu for email… no regrets!

Sure, but it’s a question of principle. I try to use and support FLOSS software if possible.

Aw man… and I was just thinking about deploying Nomad in my homelab…

I use sops, usually with exec-env

Huh, that’s actually way better than my current setup of spamming me on Telegram every time there’s an update

Exactly this. In a federated network, the instance with the majority of users could dictate the protocol, forcing the smaller issues to continually adapt or die. See this post for a very real example of this.

Yeah, I was registering my domains there because they are in Europe and had some extra services, I’ll be taking my business elsewhere now

Yeah, that’s a solid choice! I’ve used their proxy service and was pretty solid.