!RROtHmAaQIkiJzJZZE:nixos.org

NixOS Infrastructure

477 Members
Next Infra call: 2024-07-11, 18:00 CEST (UTC+2) | Infra operational issues backlog: https://github.com/orgs/NixOS/projects/52 | See #infra-alerts:nixos.org for real time alerts from Prometheus.149 Servers

Load older messages


SenderMessageTime
29 May 2026
@vcunat:matrix.orgVladimír ČunátNegative means manual trigger, yes.05:34:53
@vcunat:matrix.orgVladimír ČunátBuilds for the 26.05 release had priority right now.05:35:24
@vcunat:matrix.orgVladimír ČunátBut I believe it's ready at this point, and we got a nixos/unstable eval. (which is nice, as unstable is still on a 5 days old commit)05:41:59
@lassulus:lassul.uslassulus changed their profile picture.07:06:18
@skoh_:matrix.orgSkoh joined the room.15:38:42
@leona:leona.isleonaHetzner will increase prices for new orders starting June 15: https://www.hetzner.com/pressroom/standardization-and-price-adjustment-of-our-server-products/. So likely order now if you need something17:21:36
@hexa:lossy.networkhexaax162-r orders are already too expensive with over 1k setup17:24:59
@hexa:lossy.networkhexaand ampere machines have been unavailable for a long while17:25:15
@hexa:lossy.networkhexamight order a vm for a new part of infra, if I can allocate one in time17:25:37
@hexa:lossy.networkhexatl;dr is we want glitchtip, because we can't really have sentry at home17:30:19
@hexa:lossy.networkhexaAnd I want scoped auth and the simplest solution would be a local dex instance17:30:51
@hexa:lossy.networkhexa But the more interesting solution long-term would be a full idp 17:31:21
@hexa:lossy.networkhexaAnd I would want that on a dedicated VM tbh17:31:39
@hexa:lossy.networkhexaQuestion is: Keycloak vs Authentik17:47:15
@jfly:matrix.orgJeremy Fleischman (jfly)

I found Keycloak's UI arcane enough that I needed a tool to manage it (I used pulumi, but I imagine terraform would work).

I wouldn't be surprised if Authentik is similar, though. Probably just the nature of the problem space.

17:51:57
@leona:leona.isleonaideally you know all of the specs by heart if you use keycloak ^^ it's actually much more complicated than the other UIs of the other tools, but it can do anything17:57:01
@hexa:lossy.networkhexaI have deployed keycloak before, around the Quarkus upgrade. It does offer all the features.18:07:56
@hexa:lossy.networkhexaBut what we mostly need is bridging the gap from where our existing users are.18:08:20
@hexa:lossy.networkhexaAnd if someone can recommend Authentik over Keycloak I'm here to listen.18:12:26
@me:m4rc3l.deMarcelIt can be configured declerativly :)18:12:44
@me:m4rc3l.deMarcel * 18:13:02
@me:m4rc3l.deMarcelive used both before - there are pretty similar, authentik has an ldap interface (ive never tried it) and has some nice debugging features (you can inspect the id token e.g. in keycload you always had to hack into your applications or had to curl endpoints)18:14:05
@k900:0upti.meK900I am a certified keycloak hater18:14:07
@k900:0upti.meK900 But I will say that keycloak is probably the only thing I've seen that can do anything 18:14:19
@k900:0upti.meK900 With authentik or kanidm or w/e you're eventually going to run into a thing that it just Won't Do 18:14:42
@hexa:lossy.networkhexa kanidm fails at "sign in with github" already :p 18:15:04
@k900:0upti.meK900 Well that's more of a "we don't have that yet" 18:16:00
@k900:0upti.meK900But yes18:16:07
@tom:dragar.deTomimage.png
Download image.png
20:22:06
@tom:dragar.deTomRedacted or Malformed Event20:22:22

Show newer messages


Back to Room ListRoom Version: 6