Khwezi Mngoma 99c3498ae4 Added host resolution fix to build steps
Added verbosity flags on each restore command
2026-06-06 00:03:18 +02:00

LiteCharmsSecurity

An enterprise-grade Identity and Access Management (IAM) solution built on top of Skoruba Duende IdentityServer. This repository houses the entire security architecture for the Lite Charms ecosystem, providing Single Sign-On (SSO), OAuth 2.0, and OpenID Connect (OIDC) capabilities.


🌐 Infrastructure Architecture

This solution is optimized for production-grade self-hosting behind a secure reverse-proxy tunnel.

  • Identity Provider (STS): sts.security.khongisa.co.za (Port 8083)
  • Management Console (Admin UI): admin.security.khongisa.co.za (Port 8081)
  • Management Backend (Admin API): api.security.khongisa.co.za (Port 8082)

Deployment Stack

  • Reverse Proxy / Edge Router: Pangolin (Handles full external SSL termination).
  • Container Orchestrator: Dockhand VM (Automated GitOps deployments pulled directly from Gitea).
  • Database Layer: Dedicated PostgreSQL running in an isolated Proxmox LXC Container (192.168.1.170).

🛠️ Environment Variables Configuration

Do not check production secrets into Git. Define the following environment variables within the Dockhand UI before launching or updating the stack:

| Variable | Description | Example / Default |
| --- | --- | --- |
| DB_PASSWORD | Master password for the Postgres LXC container database instance. | [Secure Sensitive Value] |
| SMTP_PASSWORD | Password for the outbox notification transactional mail provider. | [Secure Sensitive Value] |
| SMTP_HOST | Outbound mail relay server domain. | mail.litecharms.co.za |
| SMTP_LOGIN | Corporate security transactional system email account. | security@litecharms.co.za |
| APPLY_MIGRATIONS | Toggles automatic Entity Framework database migrations on startup. | true (First Run Only) |
| APPLY_SEED | Seeds baseline system roles, client configurations, and default admin users. | true (First Run Only) |

🚀 Deployment Instructions via Dockhand

1. First-Time Setup (Initialization Mode)

When deploying this stack for the first time onto a blank database instance, ensure both flags are explicitly enabled in the Dockhand dashboard:

APPLY_MIGRATIONS=true
APPLY_SEED=true
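
A pre-deployment check for the variables in the table above and for the first-run flags, as an added example that is not part of this repository. The function name `check_stack_env` and its `first-run`/`update` modes are assumptions; it reads the variables from the current shell and flags the seed and migration toggles when they are left at `true` outside the initial deployment.

```shell
#!/bin/sh
# Added example, not the project's code. Variable names come from the README
# table; check_stack_env and the first-run/update modes are assumptions.
# Values are never echoed, so secrets stay out of logs.

check_stack_env() {
    mode=$1
    rc=0
    case $mode in
        first-run|update) ;;
        *) echo "usage: check_stack_env first-run|update" >&2; return 2 ;;
    esac

    # Every variable from the table must be set and non-empty.
    for name in DB_PASSWORD SMTP_PASSWORD SMTP_HOST SMTP_LOGIN \
                APPLY_MIGRATIONS APPLY_SEED; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "FAIL: $name is not set" >&2; rc=1
        fi
    done

    # Secrets must not still hold the README's placeholder text.
    for name in DB_PASSWORD SMTP_PASSWORD; do
        eval "val=\${$name:-}"
        if [ "$val" = "[Secure Sensitive Value]" ]; then
            echo "FAIL: $name still holds the placeholder" >&2; rc=1
        fi
    done

    # Both flags are booleans that the README marks "First Run Only".
    for name in APPLY_MIGRATIONS APPLY_SEED; do
        eval "val=\${$name:-}"
        case "$mode:$val" in
            first-run:true|update:false) ;;            # expected state
            *:) ;;                                     # unset, reported above
            first-run:false)
                echo "FAIL: $name must be true on first run" >&2; rc=1 ;;
            update:true)
                echo "FAIL: $name=true is for the first run only" >&2; rc=1 ;;
            *)  echo "FAIL: $name must be true or false" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

Source the file in a shell that holds the stack's variables and call `check_stack_env first-run` or `check_stack_env update`; a non-zero return means at least one check failed.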
Description
Security and Identity management
Readme 628 KiB
Languages
C# 50.5%
TypeScript 32.8%
HTML 8.3%
CSS 4.2%
JavaScript 4%
Other 0.2%