112 lines
3 KiB
Nix
112 lines
3 KiB
Nix
{
|
|
nixhelm,
|
|
system,
|
|
config,
|
|
lib,
|
|
...
|
|
}: {
|
|
options.authentik.enable = lib.mkEnableOption "authentik";
|
|
|
|
config = lib.mkIf config.authentik.enable {
|
|
kubernetes = {
|
|
helm.releases.authentik = {
|
|
chart = nixhelm.chartsDerivations.${system}.authentik.authentik;
|
|
includeCRDs = true;
|
|
namespace = "authentik";
|
|
|
|
values = {
|
|
authentik = {
|
|
email = {
|
|
host = "mail.smtp2go.com";
|
|
port = 2525;
|
|
from = "Authentik authentik@kun.is";
|
|
};
|
|
};
|
|
|
|
postgresql = {
|
|
enabled = true;
|
|
auth.password = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
|
primary = {
|
|
persistence.enabled = false;
|
|
extraEnvVarsSecret = "postgresql-env";
|
|
extraVolumes = [
|
|
{
|
|
name = "data";
|
|
|
|
hostPath = {
|
|
path = "/mnt/longhorn/persistent/volumes/authentik-db";
|
|
type = "Directory";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
redis = {
|
|
enabled = true;
|
|
master = {
|
|
persistence.enabled = false;
|
|
extraVolumes = [
|
|
{
|
|
name = "authentik-redis";
|
|
hostPath = {
|
|
path = "/mnt/longhorn/persistent/volumes/authentik-redis";
|
|
type = "Directory";
|
|
};
|
|
}
|
|
];
|
|
extraVolumeMounts = [
|
|
{
|
|
mountPath = "/data";
|
|
name = "authentik-redis";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resources = let
|
|
env = {
|
|
AUTHENTIK_POSTGRESQL__PASSWORD.value = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
|
AUTHENTIK_SECRET_KEY.value = "ref+sops://secrets.yml#/authentik/secret_key";
|
|
AUTHENTIK_EMAIL__USERNAME.value = "ref+sops://secrets.yml#/smtp2go/username";
|
|
AUTHENTIK_EMAIL__PASSWORD.value = "ref+sops://secrets.yml#/smtp2go/password";
|
|
};
|
|
in {
|
|
secrets.postgresql-env.stringData = {
|
|
POSTGRES_PASSWORD = "ref+sops://secrets.yml#/authentik/postgresql_password";
|
|
};
|
|
|
|
deployments = {
|
|
authentik-server.spec.template.spec.containers.server.env = env;
|
|
authentik-worker.spec.template.spec.containers.worker.env = env;
|
|
};
|
|
|
|
statefulSets.authentik-postgresql.spec.template.spec.nodeName = "atlas";
|
|
statefulSets.authentik-redis-master.spec.template.spec.nodeName = "atlas";
|
|
};
|
|
};
|
|
|
|
lab = {
|
|
ingresses.authentik = {
|
|
host = "authentik.kun.is";
|
|
|
|
service = {
|
|
name = "authentik-server";
|
|
portName = "http";
|
|
};
|
|
};
|
|
|
|
tailscaleIngresses = {
|
|
tailscale-authentik = {
|
|
host = "authentik";
|
|
service = {
|
|
name = "authentik-server";
|
|
portName = "http";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|