From b52262792dba5222862cf1500d4582ab06e50199 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 28 May 2025 23:28:52 +0200 Subject: [PATCH] Move authentik off longhorn --- modules/authentik.nix | 38 ++++++++++++++++++++++++++++++++--- modules/bootstrap-default.nix | 5 ----- 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/modules/authentik.nix b/modules/authentik.nix index ad09497..e3d8746 100644 --- a/modules/authentik.nix +++ b/modules/authentik.nix @@ -26,13 +26,42 @@ postgresql = { enabled = true; auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password"; - primary.persistence.existingClaim = "db"; - primary.extraEnvVarsSecret = "postgresql-env"; + primary = { + persistence.enabled = false; + extraEnvVarsSecret = "postgresql-env"; + extraVolumes = [ + { + name = "data"; + + hostPath = { + path = "/mnt/longhorn/persistent/volumes/authentik-db"; + type = "Directory"; + }; + } + ]; + }; }; redis = { enabled = true; - master.persistence.existingClaim = "redis"; + master = { + persistence.enabled = false; + extraVolumes = [ + { + name = "authentik-redis"; + hostPath = { + path = "/mnt/longhorn/persistent/volumes/authentik-redis"; + type = "Directory"; + }; + } + ]; + extraVolumeMounts = [ + { + mountPath = "/data"; + name = "authentik-redis"; + } + ]; + }; }; }; }; @@ -53,6 +82,9 @@ authentik-server.spec.template.spec.containers.server.env = env; authentik-worker.spec.template.spec.containers.worker.env = env; }; + + statefulSets.authentik-postgresql.spec.template.spec.nodeName = "atlas"; + statefulSets.authentik-redis-master.spec.template.spec.nodeName = "atlas"; }; }; diff --git a/modules/bootstrap-default.nix b/modules/bootstrap-default.nix index d19dabb..7c1cdaa 100644 --- a/modules/bootstrap-default.nix +++ b/modules/bootstrap-default.nix @@ -85,11 +85,6 @@ }; lab = { - longhorn.persistentVolume = { - authentik-db.storage = "10Gi"; - authentik-redis.storage = "5Gi"; - }; - tailscaleIngresses.tailscale-longhorn = { host = "longhorn";