diff --git a/README.md b/README.md index 2044b76..3bacf66 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,65 @@ +# the.ocean +návod + + + + + + + + + + + + + + + + + + + +# management summary + +filmy +https://jellyfin.media.ocean/ + +požadavky na filmy / chyby filmů +https://request.media.ocean/ + +správa profilu / hesla atp. +https://id.cqre.net/ + +nové fetaures +https://features.ocean/ + +hlášení bugů +https://issues.ocean/ + +diskuze o systému / fórum +https://cafe.ocean/ + +e-mail +https://mail.postblue.cz/ + +certifikát +https://rootca.cqre.net/ + +VPN +https://vpn.cqre.net/ + +trezor hesel +https://vault.cqre.net/ + + +· Všude se přihlašovat přes CQRE ID / Zitadel; +· V consoli Zitadel/id.cqre mít nastavený passwordless přístup; +· Přihlašování do Jellyfin lze ještě snadněji udělat z jednoho zařízení na druhé přes Quick connect (typicky přihlásit TV pomocí mobilu - Settings / Quick Connect) +· Na VPN (Tailscale) ideálně nikdy nesahat a nechat běžet, v případě nutnosti lze jednoduše vypnout pomocí přepínače, není nutno odhlašovat nebo něco podobného +· Pokud na zařízení nelze instalovat certifikát (typicky TV), nutno přistupovat přes http (bez "s") + + + # Zitadel + Tailscale / Headscale Onboarding Guide This guide walks a new user through joining the Ocean network using **Zitadel** for identity and **Tailscale** (backed by Headscale / Headplane) for secure network access. @@ -67,6 +129,9 @@ The Ocean network uses a **custom Tailscale server (Headscale)** at **[https://v 4. **Close the browser window** (do not log in) 5. Return to the **Tailscale app** 6. Select **Use a custom server** / **Add custom coordination server** + + o Android Detail – Settings / Accounts / ... / Use an alternate server + 7. Enter the server URL exactly: **[https://vpn.cqre.net](https://vpn.cqre.net)** 8. The browser opens again, this time redirecting to **Zitadel** @@ -98,8 +163,33 @@ tailscale login --login-server https://vpn.cqre.net * Your **personal password** 6. After successful authentication, return to the Tailscale app +### Google TV +Install Tailscale app from App store + +Settings / Accounts / ... / Use an alternate server + +Enter http://100.110.58.85:8096 + +⚠️ Important: you can´t use https since you are not able to install certificate on TV device, so please use http only. + + Tailscale will now show the device as **connected**. + +### Apple TV +Install Tailscale app from App store + +Connect, next use auth key, then use a custom coordination server. + +Enter http://100.110.58.85:8096 to custom coordination server. + +⚠️ Important: you can´t use https since you are not able to install certificate on TV device, so please use http only. + +Enter auth key provided by your admin + +Click connect. + + --- You may see a message like *“Connected”* or *“VPN enabled”*. @@ -134,7 +224,24 @@ You may see a message like *“Connected”* or *“VPN enabled”*. --- -## 6. Verifying Connection +## 6. Certificates + +Download root certificate from https://rootca.cqre.net/ + +⚠️ Important: Instal it to root! + +### Windows +– you need to manually select location + + +### Android +Go to settings search for „Install certificate“, select CA Certificate / CA certificate / Install anyway / select file from downloads + +### TV +You are not able to install certificate on TV + + +## 7. Verifying Connection Once connected: @@ -145,7 +252,7 @@ If something works only inside the network, that is expected behavior. --- -## 7. Logging Out or Disconnecting +## 8. Logging Out or Disconnecting * To temporarily disconnect: open Tailscale and toggle **Off** * To log out completely: open Tailscale → Account → **Log out** @@ -154,7 +261,7 @@ You can reconnect anytime by logging in again. --- -## 8. Common Issues +## 9. Common Issues **Browser does not open automatically** @@ -173,7 +280,7 @@ You can reconnect anytime by logging in again. --- -## 9. Security Notes +## 10. Security Notes * Never share your password * The administrator will never ask for your password @@ -183,3 +290,19 @@ You can reconnect anytime by logging in again. Welcome aboard 🌊 You are now part of the Ocean network. + + +# Profile + +Central identity / account management. + +You already have your account – see onboarding phase, you can find it here https://id.cqre.net/ + +Again you can use it as a web app on mobile and desktop. + +You can add profile picture, name etc. to your profile. +You can also manage passwords and other methods. Creating password less access is highly recommended. Create it on mobile for universal use and on desktop if you are using it. + +You can also add 2FA method such as Authentication application which is recommended. + +