I’ve stated a few times that the purpose of this blog is to chronicle my journey into self-hosted, decentralized, and federated software and services. The reasons are to keep my technical skills sharp, route around censorship, and just be more independent from “big tech”. I recently came across a YouTube series called Back to the BBS which got me thinking about one of the original self-hosted, decentralized, and federated community platforms - the dial-up bulletin board system.

Since beginning this project, I have been slowly building up my (private) Ansible repository on Github. This repository is pulled into AWX where there are a series of jobs that run daily. The idea behind those daily jobs is to automate configuration and administration tasks such as installing the latest software and OS updates. I have also extended this capability to enhance my Kubernetes knowledge from building my workloads using the Rancher web interface to building manifest templates and deploying them using Ansible.

I looked up recently and realized that it had been almost 9 months since I posted an update here. It’s not that I have been idle, quite the contrary. The vision which originally sparked this project has continued to evolve. Too fast, unfortunately, because before I couldn’t take the time to document what I’ve done I’ve moved on to the next thing. This is especially disappointing because I’ve lost count of the number times I’ve come back to previous posts to refresh my memory about how I did something in the early days of this project.

At the beginning of this project, I started out setting up the foundation for Ansible to automate the management, configuration, deployment, and maintenance of the infrastructure that I set up. That was before the project got kicked into high gear with setting up the server, storage, Kubernetes, and several services on Kubernetes. Now it’s time to come back to that and utilize AWX to handle managing and running Ansible playbooks.

I will be configuring AWX to integrate with the Keycloak Single Sign-On previously installed. Previously, I set up oauth2 integration with Nextcloud, but this time I’m going to set up authentication using SAML. Fortunately, the RHSSO solution uses Keycloak and I found this nifty hands-on guide for configuring Tower with RHSSO. SAML Certificate # I’ve not previously generated an SSL certificate to be used with SAML. $ openssl req -new -x509 -days 365 -nodes -out saml.