
Aegis.

A custom authentication service for my private network of apps. Aegis handles login and identity verification for tools like Arlo and Obol using Tailscale-based access, Telegram 2FA, and signed JWTs for secure communication between services.

I built Aegis because I started running multiple apps inside my own private network, and I needed a simple way to handle authentication across all of them. Instead of adding login systems to each app separately, I wanted one central service that could confirm who I am and let my apps trust that result.

Once I started building multiple tools inside my private network, each one needed a way to handle login and access control. Duplicating authentication in every app quickly became messy and inconsistent, especially as the number of services grew.

Create a single authentication system for my private network that all of my apps can rely on instead of each one handling login separately.

Aegis acts as the central login service for my network. If I'm on my Tailscale network, it uses that identity to authenticate me directly. If I'm outside the network, it falls back to email and password with a Telegram approve/deny 2FA step. Once I'm authenticated, it issues a signed JWT that my apps (like Arlo and Obol) can use to verify access. It runs on my own infrastructure and is designed specifically for my internal tools.
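One way the JWT piece described above can work, as an added example written for this page rather than code from Aegis itself: Aegis mints a short-lived HS256 token bound to one app through the aud claim and records how the user was authenticated, and the receiving app (Arlo or Obol) pins the algorithm, checks the signature, and rejects tokens for another app or past expiry. The shared secret, claim names and function names are assumptions, not taken from the project.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Hypothetical shared secret, constructed for this example only: in practice Aegis
# and each app would hold it (or a verification key) out of band, never in code.
SECRET = b"constructed-demo-secret-not-for-real-use"
ISSUER = "aegis"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, audience: str, auth_method: str,
                ttl: int = 900, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT scoped to one app (aud) with a short lifetime; amr records
    how the user authenticated (tailscale vs. password+telegram) for app policy."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "amr": auth_method, "iat": now, "exp": now + ttl}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_token(token: str, expected_aud: str,
                 now: Optional[int] = None) -> Optional[dict]:
    """What an app like Arlo or Obol runs: return the claims only if algorithm,
    signature, issuer, audience and expiry all check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        # Pin the algorithm: never trust alg from the token ("none", RS/HS confusion).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None  # forged or tampered token
        claims = json.loads(b64url_decode(p))
    except ValueError:  # bad base64/JSON or wrong number of segments
        return None
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER \
            or claims.get("aud") != expected_aud:
        return None  # not from Aegis, or minted for a different app
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # expired
    return claims
```

Verification is deliberately all-or-nothing: a token that passes the signature check but was issued for Obol is still refused by Arlo.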

Challenges

What was hard

  • Figuring out how to combine two different trust models: one based on being inside my private network, and one based on traditional login with 2FA.
  • Making those flows work together cleanly, without making the system confusing or fragile, took a lot of iteration.

Wins

What worked

  • Login through Tailscale when on my private network
  • Email/password login with Telegram 2FA when outside the network
  • JWT-based sessions for all internal apps
  • App-specific access tokens for services like Arlo and Obol
  • Rate limiting on login attempts
  • Secure Telegram approval flow
  • Basic logging for authentication events
  • Runs entirely on my own infrastructure
  • Aegis became the central login layer for all my private apps. Instead of rebuilding authentication for every project, I now have one system that everything trusts, which keeps things simpler and more consistent.
  • This project gave me a much better understanding of how authentication actually works in real systems, especially when you control the entire environment. I learned how to think about trust in layers (network vs. credentials) and how to design something that stays simple while still being secure enough for real use.

Skills

What I learned

  • Backend Development
  • Python
  • FastAPI
  • Authentication Systems
  • JWT
  • API Security
  • Tailscale Networking
  • Telegram Bot Integration
  • System Design
  • Self-hosted Infrastructure

Impact

Outcomes

  • Handles authentication for all of my internal apps.
  • Reduced duplication across projects and provided a single, consistent way to manage access across my private software ecosystem.