technitium-pilot: document and wire native oidc sso
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-23 22:17:35 +00:00
parent c1f6dce227
commit 26d5407b86
3 changed files with 20 additions and 0 deletions

View File

@@ -28,5 +28,7 @@ Notes:
- The stack binds only to `TECHNITIUM_BIND_IP`, so PD must have that secondary address present on `LAN_INTERFACE` before `docker compose up`.
- The helper script adds the pilot IP alias read/write on the live host for the current boot only. That is deliberate for pilot safety.
- Technitium reads the environment initialization only on first boot when `/etc/dns` is empty. If you need to re-seed initial settings, stop the container and clear the config directory first.
- SSO-capable deployments should set the `DNS_SERVER_SSO_*` variables. Keep a known local admin account as rollback because Technitium may only apply initial auth/env seeding cleanly on first boot or with an empty `/etc/dns` config dir.
- Authentik native OIDC callback for Technitium is `https://dns.paccoco.com/sso/callback`.
- The authoritative zone `home.paccoco.com` is now hosted in Technitium with `dns.home.paccoco.com -> 10.5.30.8`.
- Clients will resolve `dns.home.paccoco.com` only when they query Technitium directly, or after DHCP/cutover points them at Technitium.