add authentik

2026-04-08 11:20:06 -04:00
parent 8c5641e8eb
commit 58bb6ffac4
6 changed files with 231 additions and 2 deletions


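--- /dev/null
+++ b/authentik.nix
@@ -0,0 +1,170 @@
+{
+services.k3s.autoDeployCharts = {
+authentik = {
+name = "authentik";
+version = "2026.2.2";
+repo = "https://charts.goauthentik.io";
+createNamespace = true;
+targetNamespace = "authentik";
+hash = "sha256-zgoaiXnO2M410oRVnJpg4KCN81psLSjVqUpV6CYowOU=";
+values = {
+server = {
+replicas = 1;
+volumeMounts = [
+{
+name = "cert-dubyatp-xyz";
+readOnly = true;
+mountPath = "/certs/dubyatp-xyz";
+}
+];
+volumes = [
+{
+name = "cert-dubyatp-xyz";
+secret = {
+defaultMode = 420; # octal 0644
+secretName = "cert-dubyatp-xyz";
+};
+}
+];
+};
+worker = {
+replicas = 0;
+};
+global = {
+env = [
+{
+name = "AUTHENTIK_SECRET_KEY";
+valueFrom.secretKeyRef = {
+name = "authentik-credentials";
+key = "authentik-secret-key";
+};
+}
+{
+name = "AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS";
+value = "true";
+}
+{
+name = "AUTHENTIK_POSTGRESQL__HOST";
+value = "weyma-bs-pgsql-rw.cloudnativepg.svc.cluster.local";
+}
+{
+name = "AUTHENTIK_POSTGRESQL__NAME";
+value = "authentik";
+}
+{
+name = "AUTHENTIK_POSTGRESQL__USER";
+value = "authentik";
+}
+{
+name = "AUTHENTIK_POSTGRESQL__PASSWORD";
+valueFrom.secretKeyRef = {
+name = "authentik-db-auth";
+key = "password";
+};
+}
+{
+name = "AUTHENTIK_EMAIL__FROM";
+value = "authentik_dubyatp@em924671.dubyatp.xyz";
+}
+{
+name = "AUTHENTIK_EMAIL__HOST";
+value = "mail.smtp2go.com";
+}
+{
+name = "AUTHENTIK_EMAIL__USE_TLS";
+value = "true";
+}
+{
+name = "AUTHENTIK_EMAIL__USERNAME";
+value = "authentik_dubyatp";
+}
+{
+name = "AUTHENTIK_EMAIL__PASSWORD";
+valueFrom.secretKeyRef = {
+name = "authentik-credentials";
+key = "smtp-password";
+};
+}
+{
+name = "AUTHENTIK_EMAIL__TIMEOUT";
+value = "30";
+}
+{
+name = "AUTHENTIK_STORAGE__BACKEND";
+value = "s3";
+}
+{
+name = "AUTHENTIK_STORAGE__S3__ENDPOINT";
+value = "https://weyma-s3.infra.dubyatp.xyz";
+}
+{
+name = "AUTHENTIK_STORAGE__S3__BUCKET_NAME";
+value = "authentik-files";
+}
+{
+name = "AUTHENTIK_STORAGE__S3__ACCESS_KEY";
+valueFrom.secretKeyRef = {
+name = "authentik-files";
+key = "AWS_ACCESS_KEY_ID";
+};
+}
+{
+name = "AUTHENTIK_STORAGE__S3__SECRET_KEY";
+valueFrom.secretKeyRef = {
+name = "authentik-files";
+key = "AWS_SECRET_ACCESS_KEY";
+};
+}
+];
+};
+additionalObjects = [
+{
+apiVersion = "networking.k8s.io/v1";
+kind = "Ingress";
+metadata.name = "authentik-ingress";
+spec = {
+ingressClassName = "traefik";
+rules = [
+{
+host = "auth.dubyatp.xyz";
+http.paths = [
+{
+backend.service = {
+name = "authentik-server";
+port.number = 80;
+};
+path = "/";
+pathType = "Prefix";
+}
+];
+}
+{
+host = "auth-bs.dubyatp.xyz";
+http.paths = [
+{
+backend.service = {
+name = "authentik-server";
+port.number = 80;
+};
+path = "/";
+pathType = "Prefix";
+}
+];
+}
+];
+tls = [
+{
+hosts = [
+"auth.dubyatp.xyz"
+"auth-bs.dubyatp.xyz"
+];
+secretName = "cert-dubyatp-xyz";
+}
+];
+};
+}
+];
+};
+};
+};
+}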
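Review bot: The secret volume `cert-dubyatp-xyz` is mounted with `defaultMode = 420; # octal 0644`, which makes every file in it, presumably including the TLS private key that the same secret serves to the Ingress via `tls.secretName`, readable by any UID inside the server container; a key file normally warrants `0400` (`256`) or `0440` (`288`) with the pod's `fsGroup` set so the non-root authentik user can still read it, and the comment should say why the mode was chosen, e.g. `defaultMode = 256; # octal 0400: private key, readable only by the owning UID`. Whether 0644 is actually needed depends on the chart's securityContext, which is not visible here, so confirm before tightening. Separately, `worker.replicas = 0` leaves no worker pod, and in authentik the worker is what runs background tasks such as outbound email, so the `AUTHENTIK_EMAIL__*` block and S3-backed media uploads may be configured but never exercised; if that is intentional a comment like `replicas = 0; # no worker: background tasks (email, scheduled jobs) will not run` would spare the next reader a debugging session. Credential material is consistently pulled via `secretKeyRef` rather than inlined, which is the right shape.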


@@ -2,5 +2,6 @@
imports = [
./cloudnativepg.nix
./cert-manager.nix
./authentik.nix
];
}