> plonk it down next to a simple OpenID server for authentication
Could you please elaborate on this solution? I'm not sufficiently knowledgeable about OpenID to quite understand what you mean, but I'd like to avoid any of the mentioned SSO providers, as they're all blocked on my systems for personal use.
... so I assume you mean that I could install one of [0-2] along with Headscale [3] to get the similar effect of installing Tailscael, just without those annoying SSO providers? I will see if I can find the time for examining that solution. Anything that can keep MS and Goog away is most welcome
Yes, with your open OpenID server you basically become your own SSO. I've set up a Keycloak instance for my self hosted stuff and now I can add 2FA to almost any web self-hosted service without the service even needing to have support for it.
Keycloak is quite a complicated system to configure, though, there are easier alternatives out there. If you're just trying to get anything up and running, something simple like Authelia may be better for your use case (disclaimer: I've never tried it, but it seems light weight and other people online seem to recommend it).
Could you please elaborate on this solution? I'm not sufficiently knowledgeable about OpenID to quite understand what you mean, but I'd like to avoid any of the mentioned SSO providers, as they're all blocked on my systems for personal use.
Added: Found these as per mention in your post:
[0] https://openid.net/connect/
[1] https://simpleid.org/
[2] https://www.keycloak.org/
... so I assume you mean that I could install one of [0-2] along with Headscale [3] to get the similar effect of installing Tailscael, just without those annoying SSO providers? I will see if I can find the time for examining that solution. Anything that can keep MS and Goog away is most welcome
[3] https://github.com/juanfont/headscale