- Added Keycloak service with PostgreSQL backend
- Configured OIDC for both Headscale and Headplane
- Added systemd service to auto-create /var/lib/headplane directory
- Updated Keycloak realm JSON with required client scopes (openid, profile, email)
- Generated and configured Headscale API key for Headplane OIDC
- Added production hardening: auto-restart, garbage collection, boot cleanup
The setup now supports:
- User login via Keycloak OIDC at https://auth.kennys.mom
- Headplane web UI with SSO at https://headplane.kennys.mom/admin
- Fallback API key authentication
- Automated secret generation and permissions management
- Added systemd auto-restart configuration for headscale and headplane services
- Restored cookie_secret and cookie_secure settings required by Headplane
- Pinned Headplane to v0.6.0 to avoid Go version conflicts
- Updated flake.lock after pinning Headplane version
