I know the feeling. Ive already configured almost all services to be header auth or disabled auth entirely if possible, and just put them all behind a SSO forward proxy (nginx + authentik)

I also played around with injecting a tiny script into the proxied response to just add a small drop down menu with all services I've got available. .. while that worked, finding a good place to inject that menu was a chore so it's currently disabled again :)