This is a great point. Thanks for taking the time and great app.

One of the best comments I’ve seen here. Kudos

I really want to like one of these. I’ve tried it before but can anyone using this or similar tell me how it differs and improves upon just using Firefox sync?

Dendrite iirc is essentially in maintenance mode. I run a small one but I don’t think it’s expected to get any new features until there is more funding.

I might give this a go. Have been using bog standard ingress nginx for my k8s but have wanted to try a gateway supporting ingress product for a while.

Thanks op.

Disagree. I’ve self hosted nextcloud for years without issue.

Just go with what you need. Some only need contacts and calendars, others want the whole thing.

It’s only made worse that they are now so tied to whatever versioning they’re using instead of semver.

I don’t understand this question. Are there people who wear their filthy, disgusting shoes around their nice, clean house? What animals and monsters do this?

Talk about lack of reading comprehension.

Blocked. No use talking to someone like this.

Yep. And quite frankly, I don’t understand the hostility. I take my shoes off if they’re clearly dirty (ie. mud, water, etc.) but normal just walking on sidewalk? Why?

Maybe there is some kind of very trace amount of dirt on there but what difference does it make to my floors? I wear shoes in the house too so if they are dirty, oh well. I guess if you had one person going barefoot and one wearing shoes, maybe that is why you find it odd?

I also think a lot of people here are very afraid of any dirt. I vacuum weekly and mop biweekly and it seems fine (mostly hardwood here.)

Like why would my floors need to be spotless? Do people just find it “icky” or what? I have to think there is like a next to zero chance you contract any kind of sickness by just wearing shoes inside your house and “bringing in dirt” so

I think it might be more difficult for you to grasp it’s not really nice to call someone doing something other than you an “animal” or a “monster.”

Good lord- it’s shoes man. Relax.

This is at least hilarious to me.

I just don’t get people downvoting. It’s odd. Maybe it’s odd I put them on but I just like being prepared to go do whatever. I might take the trash out, might go for a walk or go to the store, might sit on the deck, etc. Makes it easy to just have them on already.

What really kills me is people who don’t do this seem to get ANGRY that some do. Like, it’s not your house, what do you care?

Yep.

The only test that exactly no one will ever pass is a progressive purity test.

There’s always something objectionable and it gives them the perfect excuse to do nothing instead of something that’s not perfect.

That’s not exactly good for making a party, let alone a viable one in a first past the post system.

Could simplify it by making a 28 block at most. That is 14 IPs per bridge which seems like way more than one would generally need anyhow.

{
  "default-address-pools": [
    { "base":"172.16.0.0/12", "size":28 },
  ]
}

I will have to check. Still willing to try again. I’ll update if i get it going better on round 2.

Thanks for the hint about the docs. I hadn’t thought of that.

0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "displayname" Equality was not found. YOU MUST REINDEX YOUR DATABASE
0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "name_history" Equality was not found. YOU MUST REINDEX YOUR DATABASE
0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "jws_es256_private_key" Equality was not found. YOU MUST REINDEX YOUR DATABASE

I had to drop it for a few days. I got that at some point though. It’s all brand new so I wouldn’t know why. Seems a bit rough around the edges so far. I’ll try to reindex and attempt again. I really want this to be the product I use since it’s a nice AIO solution but we’ll see.

Edit:

[~]$ podman run --rm -i -t -v kanidm:/data \
    kanidm/server:latest /sbin/kanidmd reindex -c /data/server.toml
error: unrecognized subcommand 'reindex'

Phew boy. Straight from the docs. Same with the vacuum command.

Looks like the docs need updated to specify the command is kanidm database reindex -c /data/server.toml

And further upon trying to login…

300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO     handle_request [ 188µs | 0.00% / 100.00% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO     ┕━ request [ 188µs | 72.94% / 100.00% ] method: GET | uri: /v1/auth/valid | version: HTTP/1.1
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO        ┝━ handle_auth_valid [ 50.8µs | 25.54% / 27.06% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO        │  ┝━ validate_client_auth_info_to_ident [ 2.85µs | 1.51% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN        │  │  ┕━ 🚧 [warn]: No client certificate or bearer tokens were supplied
300e55b7-e30a-42a5-ac3e-ec0e69285605 ERROR       │  ┕━ 🚨 [error]: Invalid identity: NotAuthenticated | event_tag_id: 1
300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN        ┕━ 🚧 [warn]:  | latency: 204.504µs | status_code: 401 | kopid: "300e55b7-e30a-42a5-ac3e-ec0e69285605" | msg: "client error"

I think I’m gonna have to just nuke it and start fresh but yeah, this is not a great first impression at all.

I could do this but sadly even just the trial did not work. I’m using podman but it gives me “invalid state” just trying to login with a user per the quickstart, etc. Can’t reset the password cleanly, can’t add a passkey via bitwarden, etc.

Unsure if I’m doing something wrong or if it’s very alpha/beta.

Awesome. Thank you.

Now to see how i make this work in k8s since they evidently mandate the cert inside instead of just allowing the ingress to have it.

Does this do it all? It seems that it holds all your users like LDAP and can auth that way too. But it can also do simple oidc integrations too? Basically just want to see if it is the all in one. Looks like it does which is why i wonder why you use oauth2-proxy in addition.

I’ve otherwise been trailing keycloak/authelia as the oidc portion and lldap/freeipa as the ldap Backend that actually holds the users. Would love to simplify if possible.