updating to match everything in my homelab.

2026-02-05 16:13:53 -05:00
parent f8787379c5
commit 80fb911e22
30 changed files with 3107 additions and 7 deletions
--- a/diagrams/user-registration-workflow.mmd
+++ b/diagrams/user-registration-workflow.mmd
@@ -0,0 +1,93 @@
+```plaintext
+%% User Registration and Approval Workflow (ADR-0029)
+%% Flowchart showing registration, approval, and access control
+
+flowchart TB
+    subgraph registration["📝 Registration Flow"]
+        direction TB
+        request["👤 User Requests<br/>Account"]
+        form["📋 Enrollment<br/>Form"]
+        created["✅ Account<br/>Created"]
+        pending["⏳ pending-approval<br/>Group"]
+    end
+
+    subgraph approval["✋ Admin Approval"]
+        direction TB
+        notify["📧 Admin<br/>Notification"]
+        review["👁️ Admin<br/>Reviews"]
+        decision{{"Decision"}}
+    end
+
+    subgraph groups["👥 Group Assignment"]
+        direction LR
+        reject["❌ Rejected"]
+        guests["🎫 homelab-guests<br/>Limited access"]
+        users["👥 homelab-users<br/>Full access"]
+        admins["👑 homelab-admins<br/>Admin access"]
+    end
+
+    subgraph access["🔓 Application Access"]
+        direction TB
+        
+        subgraph admin_apps["Admin Apps"]
+            authentik_admin["Authentik Admin"]
+            gitea["Gitea"]
+            flux_ui["Flux UI"]
+        end
+
+        subgraph user_apps["User Apps"]
+            affine["Affine"]
+            immich["Immich"]
+            nextcloud["Nextcloud"]
+            vaultwarden["Vaultwarden"]
+        end
+
+        subgraph guest_apps["Guest Apps"]
+            kavita["Kavita"]
+        end
+
+        subgraph no_access["No Access"]
+            profile["Authentik Profile<br/>(only)"]
+        end
+    end
+
+    %% Registration flow
+    request --> form
+    form --> created
+    created --> pending
+    pending --> notify
+
+    %% Approval flow
+    notify --> review
+    review --> decision
+    decision -->|"Reject"| reject
+    decision -->|"Basic"| guests
+    decision -->|"Full"| users
+    decision -->|"Admin"| admins
+
+    %% Access mapping
+    reject --> profile
+    guests --> guest_apps
+    users --> user_apps
+    users --> guest_apps
+    admins --> admin_apps
+    admins --> user_apps
+    admins --> guest_apps
+
+    classDef registration fill:#3498db,color:white
+    classDef approval fill:#f39c12,color:black
+    classDef group fill:#9b59b6,color:white
+    classDef admin fill:#e74c3c,color:white
+    classDef user fill:#27ae60,color:white
+    classDef guest fill:#1abc9c,color:white
+    classDef none fill:#95a5a6,color:white
+
+    class request,form,created,pending registration
+    class notify,review approval
+    class reject,guests,users,admins group
+    class authentik_admin,gitea,flux_ui admin
+    class affine,immich,nextcloud,vaultwarden user
+    class kavita guest
+    class profile none
+
+```