Consolidate sprint status into handoff docs, add Listmonk/Mattermost/Mailcow and Vikunja SSO guides, Beszel alerts script, mattermost inventory, and mark phases 0–1 complete with phase 2 backlog for edge Caddy and security. Co-authored-by: Cursor <cursoragent@cursor.com>
Handoff — next steps (after post-sprint merge)
Merged from: homelab/post-sprint-2026-05-24 → master
Sprint snapshot: handoff-2026-05-24.md
Master plan: levkin-selfhost-plan-2.md
Phases complete
| Phase | Status |
|---|---|
| 0 Foundation | ✅ Static IPs, DNS, UniFi DHCP, Caddy VM .50 |
| 1 Identity | ✅ Authentik LXC 217, auth.levkin.ca, admin + TOTP |
| 2 Monitoring | ✅ (sprint) Kuma, Umami, Beszel, Dockge, status/stats |
| 3 Cal.com | ✅ booking live; OIDC deferred (license) |
| 4 SSO | ✅ Vikunja, Listmonk, Mattermost, Mailcow — smoke-test in browser |
Not Phase 0/1: Caddy → edge LXC .20 moved to Phase 2 backlog (was Phase 1.5).
Immediate (this week)
- SSO smoke tests (Playwright MCP or manual) as ilia:
  - https://todo.levkin.ca — Authentik
  - https://listmonk.levkin.ca/admin — Authentik
  - https://slack.levkin.ca — “GitLab” / Authentik button
  - https://mail.levkine.ca — Generic-OIDC
- Rotate secrets — Authentik API token, Beszel admin, OIDC client secrets (batch when stable)
- Mattermost users — existing accounts: Profile → Switch to GitLab SSO
Phase 2 backlog (infra + ops)
| Priority | Item | Effort |
|---|---|---|
| 1 | Caddy → edge LXC @ 10.0.10.20 | ~30 min + 24h watch |
| 2 | Security remediation — security-remediation-plan.md | ongoing |
| 3 | NAS disk W4J0L3PY → Jellyfin VM 101 | hardware |
| 4 | Cal OIDC | blocked on CALCOM_LICENSE_KEY |
| 5 | Phases 5–8 — Immich, Crater, Outline, etc. | when needed |
Useful commands
```bash
make vault-export-env
make caddy-monitoring
make beszel-setup-alerts  # BESZEL_EMAIL + BESZEL_PASSWORD
./scripts/kuma-add-monitors.sh
ssh root@10.0.10.237  # Mattermost (root key installed)
```
Docs added this sprint
- listmonk-authentik-oidc.md
- mattermost-authentik-gitlab-oauth.md
- mailcow-authentik-oidc.md
- cursor-mcp-homelab.md
2026-05-24