| 29 May 2026 |
|  lassulus changed their profile picture. | 07:06:18 |
|  Skoh joined the room. | 15:38:42 |
 leona | Hetzner will increase prices for new orders starting June 15: https://www.hetzner.com/pressroom/standardization-and-price-adjustment-of-our-server-products/. So likely order now if you need something | 17:21:36 |
 hexa (signing key rotation when) | ax162-r orders are already too expensive with over 1k setup | 17:24:59 |
| hexa (signing key rotation when) | and ampere machines have been unavailable for a long while | 17:25:15 |
| hexa (signing key rotation when) | might order a vm for a new part of infra, if I can allocate one in time | 17:25:37 |
| hexa (signing key rotation when) | tl;dr is we want glitchtip, because we can't really have sentry at home | 17:30:19 |
| hexa (signing key rotation when) | And I want scoped auth and the simplest solution would be a local dex instance | 17:30:51 |
| hexa (signing key rotation when) | But the more interesting solution long-term would be a full idp | 17:31:21 |
| hexa (signing key rotation when) | And I would want that on a dedicated VM tbh | 17:31:39 |
| hexa (signing key rotation when) | Question is: Keycloak vs Authentik | 17:47:15 |
 Jeremy Fleischman (jfly) | I found Keycloak's UI arcane enough that I needed a tool to manage it (I used pulumi, but I imagine terraform would work).
I wouldn't be surprised if Authentik is similar, though. Probably just the nature of the problem space.
| 17:51:57 |
| leona | ideally you know all of the specs by heart if you use keycloak ^^ it's actually much more complicated than the other UIs of the other tools, but it can do anything | 17:57:01 |
| hexa (signing key rotation when) | I have deployed keycloak before, around the Quarkus upgrade. It does offer all the features. | 18:07:56 |
| hexa (signing key rotation when) | But what we mostly need is bridging the gap from where our existing users are. | 18:08:20 |
| hexa (signing key rotation when) | And if someone can recommend Authentik over Keycloak I'm here to listen. | 18:12:26 |
 Marcel | It can be configured declerativly :) | 18:12:44 |
| Marcel | * | 18:13:02 |
| Marcel | ive used both before - there are pretty similar, authentik has an ldap interface (ive never tried it) and has some nice debugging features (you can inspect the id token e.g. in keycload you always had to hack into your applications or had to curl endpoints) | 18:14:05 |
 K900 | I am a certified keycloak hater | 18:14:07 |
| K900 | But I will say that keycloak is probably the only thing I've seen that can do anything | 18:14:19 |
| K900 | With authentik or kanidm or w/e you're eventually going to run into a thing that it just Won't Do | 18:14:42 |
| hexa (signing key rotation when) | kanidm fails at "sign in with github" already :p | 18:15:04 |
| K900 | Well that's more of a "we don't have that yet" | 18:16:00 |
| K900 | But yes | 18:16:07 |
 Tom | 
Download image.png | 20:22:06 |
| Tom | Redacted or Malformed Event | 20:22:22 |
| Tom | also doesn't sound like that will change (if's from their forum) | 20:22:38 |
| Tom | * also doesn't sound like that will change anytime soon (if's from their forum) | 20:24:27 |
 raitobezarius | keycloak4life | 21:18:42 |
