Configure Authentik auth to Immich
Fix secret substituion for Authentik
This commit is contained in:
parent
63d30455a9
commit
ce635e415c
2 changed files with 27 additions and 11 deletions
|
@ -16,28 +16,42 @@
|
|||
|
||||
values = {
|
||||
authentik = {
|
||||
secret_key = "ref+sops://secrets.yml#/authentik/secret_key";
|
||||
postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
||||
email = {
|
||||
host = "mail.smtp2go.com";
|
||||
port = 2525;
|
||||
from = "Authentik authentik@kun.is";
|
||||
};
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
enabled = true;
|
||||
auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
||||
primary.persistence.existingClaim = "db";
|
||||
primary.extraEnvVarsSecret = "postgresql-env";
|
||||
};
|
||||
|
||||
redis = {
|
||||
enabled = true;
|
||||
master.persistence.existingClaim = "redis";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
email = {
|
||||
host = "mail.smtp2go.com";
|
||||
port = 2525;
|
||||
username = "ref+sops://secrets.yml#/smtp2go/username";
|
||||
password = "ref+sops://secrets.yml#/smtp2go/password";
|
||||
from = "Authentik <authentik@kun.is>";
|
||||
};
|
||||
resources = let
|
||||
env = {
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD.value = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
||||
AUTHENTIK_SECRET_KEY.value = "ref+sops://secrets.yml#/authentik/secret_key";
|
||||
AUTHENTIK_EMAIL__USERNAME.value = "ref+sops://secrets.yml#/smtp2go/username";
|
||||
AUTHENTIK_EMAIL__PASSWORD.value = "ref+sops://secrets.yml#/smtp2go/password";
|
||||
};
|
||||
in {
|
||||
secrets.postgresql-env.stringData = {
|
||||
POSTGRES_PASSWORD = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
||||
};
|
||||
|
||||
deployments = {
|
||||
authentik-server.spec.template.spec.containers.server.env = env;
|
||||
authentik-worker.spec.template.spec.containers.worker.env = env;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -46,6 +46,8 @@ authentik:
|
|||
client_secret: ENC[AES256_GCM,data:GgF+gQt8olzKUzGMDL6mh6UWDv49OPDH5tB/gboWkFd7Njc1SrSkqf71gQryOcPQ0vpXrh0nK1z6ZjMpmDEA5ohTwWymeLCgwNtJSAMHZ1VlZ2aQZr70r3KtAxKjmTiT5flUYnxS79fCF43BveSMGeAshRCvQmYCdi43sP2E4To=,iv:DzsIRPiMzxaqVrjaHMVKWgOR0asZQzWf8EE1nxRSJmk=,tag:79bo7EzVq9tvL6ap6jfV+Q==,type:str]
|
||||
forgejo:
|
||||
client_secret: ENC[AES256_GCM,data:I0LBIrsPuARFEcvu0sKhIbkEYxLhZrwpRfPls3KDARu5rnfwgbJ6AVtfMmcAIM9ISFzXykoyMXossHo1i23N90PsHdl2t580EffhJ+q/UUfCIk7/rX/6CXlcb8WHdab4ymN5r9jEsgD3mAWX55IehU96ZKGRKRhxSIowCIYRhyQ=,iv:1wQDGCDhSu0s+IqXULiHmRiKGTLRvOjwsYaNMCWfkjg=,tag:p1mwks0KP9lhbciTIv3/Dw==,type:str]
|
||||
immich:
|
||||
client_secret: ENC[AES256_GCM,data:KrsaLLsjfQsyNQzvQF/pCLj1dhi8tr/OdToY7WczvPUUQKMtSk//oxsiPike/HoVEuCUp+j7UlTfIRPF2xUcPPvw7pkcLhQhcot79aieI1ciIeLZ1Q5svsPrqDBmDY7g65jkzA9vjM9VLTsx4Dx/1vGHDqo7I12qadEQlKAuhhQ=,iv:3icAM7sVe2HlmosbP7VPbcF4SRz/mlbzdQ1gENR9TRs=,tag:O8TCN7NltNpDGoG3T8Ds1w==,type:str]
|
||||
smtp2go:
|
||||
username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str]
|
||||
password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str]
|
||||
|
@ -73,8 +75,8 @@ sops:
|
|||
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
|
||||
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-11T13:15:47Z"
|
||||
mac: ENC[AES256_GCM,data:IzXlag5LcmeuH43IdsTJ6pflQYr8B4GqQYXtC385E5oqnnYHUVa27zo8XZEmaL6O9ooDOmcq1rtlZaPIMgawbvfbT2r31C9Z4zuAz50ogypOKuAh+/KeKO5an9YqySM/mrFWujpVk+kExurS+BwKvgLGvKxcRrznWgqjVOEPiiE=,iv:7frEopY+a36KGfCW2/obTOym4RV5sutqKXoiszZ+OJY=,tag:w/8c0Xic/zF22qSXyC+j6A==,type:str]
|
||||
lastmodified: "2025-02-11T17:44:56Z"
|
||||
mac: ENC[AES256_GCM,data:YR0UTMbTjiByzocy9CTSn/veADgundo37Y8Z7MOL1HpvnaCnSiYlYRh70ODRaM73F3SaKgzPW0INKUy6T8kMq/HxlGrrIv331yG88LltR6xkalRBhP3h3mhkW75Px9iXNj8KFE4Q/eUp+Ds2/7gFo/oRryDngXoPPBqgBFupr/U=,iv:TmpXbrFY2XmBA2XwCIy6Vgbj0W0Rcn4GrJ0Ra7tSXiY=,tag:coymhw3aTjbTIAmEDdiHkw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
|
Loading…
Add table
Reference in a new issue