Make a pass through homelab services to get OIDC auth set up where it won't immediately break things. Using one of the many forks of TFA for the services that don't natively support SSO.
Then continue on a pub-sub-events-as-webhooks self-hosted service because I can't stand running Redis for pubsub.