Misc housekeeping tidy-ups

manuscript/recipes/homeassistant/ibeacon.md

@@ -1,26 +0,0 @@
-# iBeacons with Home assistant
-
-!!! warning
-This is not a complete recipe - it's an optional additional of the [HomeAssistant](/recipes/homeassistant/) "recipe", since it only applies to a subset of users
-
-One of the most useful features of Home Assistant is location awareness. I don't care if someone opens my office door when I'm home, but you bet I care about (_and want to be notified_) it if I'm away!
-
-## Ingredients
-
-1. [HomeAssistant](/recipes/homeassistant/) per recipe
-2. iBeacon(s) - This recipe is for <https://s.click.aliexpress.com/e/bzyLCnAp>
-3. [LightBlue Explorer](https://itunes.apple.com/nz/app/lightblue-explorer/id557428110?mt=8)
-
-## Preparation
-
-### Write UUID to iBeacon
-
-The iBeacons come with no UUID. We use the LightBlue Explorer app to pair with them (_code is "123456"_), and assign own own UUID.
-
-Generate your own UUID, or get a random one at <https://www.uuidgenerator.net/>
-
-Plug in your iBeacon, launch LightBlue Explorer, and find your iBeacon. The first time you attempt to interrogate it, you'll be prompted to pair. Although it's not recorded anywhere in the documentation (_grr!_), the pairing code is **123456**
-
-Having paired, you'll be able to see the vital statistics of your iBeacon.
-
---8<-- "recipe-footer.md"

manuscript/recipes/keycloak/index.md

@@ -4,9 +4,11 @@ description: Kick-ass OIDC and identity management
 
 # KeyCloak
 
-[KeyCloak](https://www.keycloak.org/) is "_an open source identity and access management solution_". Using a local database, or a variety of backends (_think [OpenLDAP](/recipes/openldap/)_), you can provide Single Sign-On (SSO) using OpenID, OAuth 2.0, and SAML. KeyCloak's OpenID provider can be used in combination with [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), to protect [vulnerable services](/recipes/autopirate/nzbget/) with an extra layer of authentication.
+[KeyCloak](https://www.keycloak.org/) is "_an open source identity and access management solution_". Using a local database, or a variety of backends (_think [OpenLDAP](/recipes/openldap/)_), you can provide Single Sign-On (SSO) using OpenID, OAuth 2.0, and SAML.
 
-![KeyCloak Screenshot](../images/keycloak.png)
+KeyCloak's OpenID provider can also be used in combination with [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), to protect [vulnerable services](/recipes/autopirate/nzbget/) with an extra layer of authentication.
+
+![KeyCloak Screenshot](../../images/keycloak.png)
 
 --8<-- "recipe-standard-ingredients.md"
 
@@ -39,7 +41,7 @@ KEYCLOAK_PASSWORD=ilovepasswords
 PROXY_ADDRESS_FORWARDING=true
 
 # What's our hostname?
-KEYCLOAK_HOSTNAME=keycloak.batcave.com
+KEYCLOAK_HOSTNAME=keycloak.example.com
 
 # Tell Postgress what user/password to create
 POSTGRES_USER=keycloak
@@ -76,20 +78,19 @@ services:
       - internal
     deploy:
       labels:
-        # traefik common
+        # traefik
         - traefik.enable=true
         - traefik.docker.network=traefik_public
 
         # traefikv1
         - traefik.frontend.rule=Host:keycloak.example.com
-        - traefik.port=8080     
+        - traefik.port=8080
 
         # traefikv2
         - "traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)"
+        - "traefik.http.routers.keycloak.entrypoints=https"
         - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
-        - "traefik.enable=true"
-
-
+      
   keycloak-db:
     env_file: /var/data/config/keycloak/keycloak.env
     image: postgres:10.1
@@ -136,6 +137,8 @@ networks:
 
 Launch the KeyCloak stack by running `docker stack deploy keycloak -c <path -to-docker-compose.yml>`
 
-Log into your new instance at https://**YOUR-FQDN**, and login with the user/password you defined in `keycloak.env`.
+Log into your new instance at `https://YOUR-FQDN`, and login with the user/password you defined in `keycloak.env`.
 
 --8<-- "recipe-footer.md"
+
+[^1]: For more geeky {--pain--}{++fun++}, try integrating KeyCloak with [OpenLDAP][openldap] for an authentication backend!