kubernetes-deployments/modules/authentik.nix

{
  nixhelm,
  system,
  config,
  lib,
  ...
}: {
  options.authentik.enable = lib.mkEnableOption "authentik";

  config = lib.mkIf config.authentik.enable {
    kubernetes = {
      helm.releases.authentik = {
        chart = nixhelm.chartsDerivations.${system}.authentik.authentik;
        includeCRDs = true;
        namespace = "authentik";

        values = {
          authentik = {
            secret_key = "ref+sops://secrets.yml#/authentik/secret_key";
            postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
          };

          postgresql = {
            enabled = true;
            auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
            primary.persistence.existingClaim = "db";
          };

          redis = {
            enabled = true;
            master.persistence.existingClaim = "redis";
          };

          email = {
            host = "mail.smtp2go.com";
            port = 2525;
            username = "ref+sops://secrets.yml#/smtp2go/username";
            password = "ref+sops://secrets.yml#/smtp2go/password";
            from = "Authentik <authentik@kun.is>";
          };
        };
      };
    };

    lab = {
      longhorn.persistentVolumeClaim = {
        db = {
          volumeName = "authentik-db";
          storage = "10Gi";
        };

        redis = {
          volumeName = "authentik-redis";
          storage = "5Gi";
        };
      };

      ingresses.authentik = {
        host = "authentik.kun.is";

        service = {
          name = "authentik-server";
          portName = "http";
        };
      };

      tailscaleIngresses = {
        tailscale-authentik = {
          host = "authentik";
          service = {
            name = "authentik-server";
            portName = "http";
          };
        };
      };
    };
  };
}
Replace Authelia with Authentik 2025-02-10 22:51:18 +01:00			`{`
			`nixhelm,`
			`system,`
			`config,`
			`lib,`
			`...`
			`}: {`
			`options.authentik.enable = lib.mkEnableOption "authentik";`

			`config = lib.mkIf config.authentik.enable {`
			`kubernetes = {`
			`helm.releases.authentik = {`
			`chart = nixhelm.chartsDerivations.${system}.authentik.authentik;`
			`includeCRDs = true;`
			`namespace = "authentik";`

			`values = {`
			`authentik = {`
			`secret_key = "ref+sops://secrets.yml#/authentik/secret_key";`
			`postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";`
			`};`

			`postgresql = {`
			`enabled = true;`
			`auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";`
			`primary.persistence.existingClaim = "db";`
			`};`

			`redis = {`
			`enabled = true;`
			`master.persistence.existingClaim = "redis";`
			`};`

			`email = {`
			`host = "mail.smtp2go.com";`
			`port = 2525;`
			`username = "ref+sops://secrets.yml#/smtp2go/username";`
			`password = "ref+sops://secrets.yml#/smtp2go/password";`
			`from = "Authentik <authentik@kun.is>";`
			`};`
			`};`
			`};`
			`};`

			`lab = {`
			`longhorn.persistentVolumeClaim = {`
			`db = {`
			`volumeName = "authentik-db";`
			`storage = "10Gi";`
			`};`

			`redis = {`
			`volumeName = "authentik-redis";`
			`storage = "5Gi";`
			`};`
			`};`

			`ingresses.authentik = {`
			`host = "authentik.kun.is";`

			`service = {`
			`name = "authentik-server";`
			`portName = "http";`
			`};`
			`};`

			`tailscaleIngresses = {`
			`tailscale-authentik = {`
			`host = "authentik";`
			`service = {`
			`name = "authentik-server";`
			`portName = "http";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`