78 lines
1.8 KiB
Nix
78 lines
1.8 KiB
Nix
{
|
|
nixhelm,
|
|
system,
|
|
config,
|
|
lib,
|
|
...
|
|
}: {
|
|
options.authentik.enable = lib.mkEnableOption "authentik";
|
|
|
|
config = lib.mkIf config.authentik.enable {
|
|
kubernetes = {
|
|
helm.releases.authentik = {
|
|
chart = nixhelm.chartsDerivations.${system}.authentik.authentik;
|
|
includeCRDs = true;
|
|
namespace = "authentik";
|
|
|
|
values = {
|
|
authentik = {
|
|
secret_key = "ref+sops://secrets.yml#/authentik/secret_key";
|
|
postgresql.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
|
};
|
|
|
|
postgresql = {
|
|
enabled = true;
|
|
auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
|
primary.persistence.existingClaim = "db";
|
|
};
|
|
|
|
redis = {
|
|
enabled = true;
|
|
master.persistence.existingClaim = "redis";
|
|
};
|
|
|
|
email = {
|
|
host = "mail.smtp2go.com";
|
|
port = 2525;
|
|
username = "ref+sops://secrets.yml#/smtp2go/username";
|
|
password = "ref+sops://secrets.yml#/smtp2go/password";
|
|
from = "Authentik <authentik@kun.is>";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
lab = {
|
|
longhorn.persistentVolumeClaim = {
|
|
db = {
|
|
volumeName = "authentik-db";
|
|
storage = "10Gi";
|
|
};
|
|
|
|
redis = {
|
|
volumeName = "authentik-redis";
|
|
storage = "5Gi";
|
|
};
|
|
};
|
|
|
|
ingresses.authentik = {
|
|
host = "authentik.kun.is";
|
|
|
|
service = {
|
|
name = "authentik-server";
|
|
portName = "http";
|
|
};
|
|
};
|
|
|
|
tailscaleIngresses = {
|
|
tailscale-authentik = {
|
|
host = "authentik";
|
|
service = {
|
|
name = "authentik-server";
|
|
portName = "http";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|