home/kubernetes-deployments
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

Configure Authentik auth to Immich

Browse source 
Fix secret substituion for Authentik
This commit is contained in:
Pim Kunis 2025-02-11 22:49:43 +01:00
parent 63d30455a9
commit ce635e415c
2 changed files with 27 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

32
modules/authentik.nix
View file

@ -16,28 +16,42 @@
values = {
authentik = {
secret_key = "ref+sops://secrets.yml#/authentik/secret_key";
postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
email = {
host = "mail.smtp2go.com";
port = 2525;
from = "Authentik authentik@kun.is";
};
};
postgresql = {
enabled = true;
auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
primary.persistence.existingClaim = "db";
primary.extraEnvVarsSecret = "postgresql-env";
};
redis = {
enabled = true;
master.persistence.existingClaim = "redis";
};
};
};
email = {
host = "mail.smtp2go.com";
port = 2525;
username = "ref+sops://secrets.yml#/smtp2go/username";
password = "ref+sops://secrets.yml#/smtp2go/password";
from = "Authentik <authentik@kun.is>";
};
resources = let
env = {
AUTHENTIK_POSTGRESQL__PASSWORD.value = "ref+sops://secrets.yml#/authentik/postgresql_password";
AUTHENTIK_SECRET_KEY.value = "ref+sops://secrets.yml#/authentik/secret_key";
AUTHENTIK_EMAIL__USERNAME.value = "ref+sops://secrets.yml#/smtp2go/username";
AUTHENTIK_EMAIL__PASSWORD.value = "ref+sops://secrets.yml#/smtp2go/password";
};
in {
secrets.postgresql-env.stringData = {
POSTGRES_PASSWORD = "ref+sops://secrets.yml#/authentik/postgresql_password";
};
deployments = {
authentik-server.spec.template.spec.containers.server.env = env;
authentik-worker.spec.template.spec.containers.worker.env = env;
};
};
};