I personally use Authelia. I find the installation no be easy and lightweight.

I originally switched to Authelia from Authentik because I wanted to authenticate Radicale. Authentik had more features including a beautiful admin page, but couldn’t proxy HTTP basic authentication, which is required for Cal/CardDav.

I have since switched Radicale to Nextcloud, so may consider switching back to Authentik.

One important thing to note about Authelia is that a single instance can only authenticate for a single domain, so your installation will require at least two instances if you go with Authelia. I am not sure about Authentik.

Overall, SSO is great and I would highly recommend you use it for your services. You can find Authentik tutorials here: https://goauthentik.io/integrations/