ansible/docs/guides/handoff-next-steps.md
ilia 0f34c51fc8
Complete homelab post-sprint: SSO docs, monitoring scripts, phase 0/1 closure.
Consolidate sprint status into handoff docs, add Listmonk/Mattermost/Mailcow
and Vikunja SSO guides, Beszel alerts script, mattermost inventory, and
mark phases 0–1 complete with phase 2 backlog for edge Caddy and security.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-24 12:13:55 -04:00


# Handoff — next steps (after post-sprint merge)
**Merged from:** `homelab/post-sprint-2026-05-24` → `master`
**Sprint snapshot:** [handoff-2026-05-24.md](handoff-2026-05-24.md)
**Master plan:** [levkin-selfhost-plan-2.md](levkin-selfhost-plan-2.md)

---
## Phases complete
| Phase | Status |
|-------|--------|
| **0 Foundation** | ✅ Static IPs, DNS, UniFi DHCP, Caddy VM `.50` |
| **1 Identity** | ✅ Authentik LXC 217, `auth.levkin.ca`, admin + TOTP |
| **2 Monitoring** | ✅ (sprint) Kuma, Umami, Beszel, Dockge, `status`/`stats` |
| **3 Cal.com** | ✅ booking live; OIDC deferred (license) |
| **4 SSO** | ✅ Vikunja, Listmonk, Mattermost, Mailcow — **smoke-test in browser** |

**Not Phase 0/1:** Caddy → edge LXC `.20` moved to **Phase 2 backlog** (was Phase 1.5).

---
## Immediate (this week)
1. **SSO smoke tests** (Playwright MCP or manual) as `ilia`:
   - https://todo.levkin.ca — Authentik
   - https://listmonk.levkin.ca/admin — Authentik
   - https://slack.levkin.ca — “GitLab” / Authentik button
   - https://mail.levkine.ca — Generic-OIDC
2. **Rotate secrets** — Authentik API token, Beszel admin, OIDC client secrets (batch when stable)
3. **Mattermost users** — existing accounts: Profile → Switch to GitLab SSO
---
## Phase 2 backlog (infra + ops)
| Priority | Item | Effort |
|----------|------|--------|
| 1 | **Caddy → edge LXC** @ `10.0.10.20` | ~30 min + 24h watch |
| 2 | **Security remediation** — [security-remediation-plan.md](security-remediation-plan.md) | ongoing |
| 3 | **NAS disk** `W4J0L3PY` → Jellyfin VM 101 | hardware |
| 4 | **Cal OIDC** | blocked on `CALCOM_LICENSE_KEY` |
| 5 | **Phases 5–8** — Immich, Crater, Outline, etc. | when needed |
---
## Useful commands
```bash
make vault-export-env
make caddy-monitoring
make beszel-setup-alerts # BESZEL_EMAIL + BESZEL_PASSWORD
./scripts/kuma-add-monitors.sh
ssh root@10.0.10.237 # Mattermost (root key installed)
```
## Docs added this sprint
- [listmonk-authentik-oidc.md](listmonk-authentik-oidc.md)
- [mattermost-authentik-gitlab-oauth.md](mattermost-authentik-gitlab-oauth.md)
- [mailcow-authentik-oidc.md](mailcow-authentik-oidc.md)
- [cursor-mcp-homelab.md](cursor-mcp-homelab.md)
---
*2026-05-24*