Authentik handles SSO for all my apps like immich, linkwarden, owncloud etc. Openid when available but some web apps are done via forward proxy auth. Jellyfin uses LDAP via authentik which isn’t sso technically.

Other than me, no one else mounts samba shares directly. All personal files are synced to server and other devices with owncloud (OCIS).

Yes its config file only, but if you get the File editor app, it’s quite easy to just copy and paste a few lines into the editor.

Once it’s setup it never changes.

I’ve not looked for an LDAP solution but stuff like this is why i went with authentik over other solutions. Because authentik has LDAP built in, i can use this when needed (jellyfin) but then use openid for other apps (which us superior in almost every way for home lab use)

There are auth libraries that you can just plug into your app so you don’t even have to worry about that part yourself and just focus on the app

https://authjs.dev/getting-started

I use this tutorial to setup external only and internal only URLs both with SSL

https://youtu.be/liV3c9m_OX8

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos

Check here

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos

Check compatibility here.

Borgbase has good options for Borg and restic backups.

I highly recommend using one of these 2 for proper backups. Borg with borgmatic scripts are fantastic

Borgmatic

You can self host the Borg server in docker (or bare metal) on another server if you have one (or a friends) and then borgbase offers very good paid backup storage

I use a second server locally, a friend and borgbase as backup locations.

You have angered the helmsman Charon. Your misdeeds have been noted.