# k3s auto-deployed Helm release for the authentik identity provider.
#
# Every credential below is a reference to a Kubernetes Secret (secretKeyRef or
# a secret volume), so no secret value is written into this file and therefore
# none ends up in the world-readable Nix store. None of those Secrets is
# created in this file: authentik-credentials, authentik-db-auth,
# authentik-files and cert-dubyatp-xyz presumably have to exist in the target
# namespace before the pods can start -- verify against the cluster setup.
let
  # One Secret is used three times: as the server volume, as its mount, and as
  # the Ingress TLS certificate. Binding it once keeps the three in step.
  certSecret = "cert-dubyatp-xyz";

  # Hostnames served by the Ingress; also the SNI names listed for TLS.
  publicHosts = [
    "auth.dubyatp.xyz"
    "auth-bs.dubyatp.xyz"
  ];

  # Environment variable with a literal, non-secret value.
  plainEnv = name: value: { inherit name value; };

  # Environment variable resolved at pod start from `key` of Secret `secret`.
  secretEnv = name: secret: key: {
    inherit name;
    valueFrom.secretKeyRef = {
      name = secret;
      inherit key;
    };
  };

  # Ingress rule routing everything under "/" on `host` to authentik-server.
  # The backend port is 80, i.e. plain HTTP between the ingress controller and
  # the pod; TLS for clients is configured in the Ingress `tls` section below.
  hostRule = host: {
    inherit host;
    http.paths = [
      {
        path = "/";
        pathType = "Prefix";
        backend.service = {
          name = "authentik-server";
          port.number = 80;
        };
      }
    ];
  };
in
{
  services.k3s.autoDeployCharts.authentik = {
    name = "authentik";
    repo = "https://charts.goauthentik.io";
    # version and hash pin the chart archive that is fetched; change them
    # together when upgrading.
    version = "2026.2.2";
    hash = "sha256-zgoaiXnO2M410oRVnJpg4KCN81psLSjVqUpV6CYowOU=";
    targetNamespace = "authentik";
    createNamespace = true;

    values = {
      server = {
        replicas = 1;
        volumes = [
          {
            name = certSecret;
            secret = {
              secretName = certSecret;
              # Nix has no octal literals: 420 decimal is octal 0644.
              # NOTE(review): 0644 makes the mounted files readable by every
              # user in the container. If this Secret carries the TLS private
              # key (it is also the Ingress TLS secret), a tighter mode is
              # preferable where the pod's user/fsGroup allows it -- confirm
              # before changing.
              defaultMode = 420;
            };
          }
        ];
        volumeMounts = [
          {
            name = certSecret;
            mountPath = "/certs/dubyatp-xyz";
            readOnly = true;
          }
        ];
      };

      # NOTE(review): this release starts no worker pods. Presumably a worker
      # runs elsewhere against the same database -- confirm.
      worker.replicas = 0;

      # Order of the list is kept exactly as in the original definition.
      global.env = [
        (secretEnv "AUTHENTIK_SECRET_KEY" "authentik-credentials" "authentik-secret-key")

        # PostgreSQL. NOTE(review): no AUTHENTIK_POSTGRESQL__SSLMODE is set in
        # this file, so transport protection to the database depends on the
        # effective default -- confirm.
        (plainEnv "AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS" "true")
        (plainEnv "AUTHENTIK_POSTGRESQL__HOST" "weyma-bs-pgsql-rw.cloudnativepg.svc.cluster.local")
        (plainEnv "AUTHENTIK_POSTGRESQL__NAME" "authentik")
        (plainEnv "AUTHENTIK_POSTGRESQL__USER" "authentik")
        (secretEnv "AUTHENTIK_POSTGRESQL__PASSWORD" "authentik-db-auth" "password")

        # Outbound mail.
        (plainEnv "AUTHENTIK_EMAIL__FROM" "authentik_dubyatp@em924671.dubyatp.xyz")
        (plainEnv "AUTHENTIK_EMAIL__HOST" "mail.smtp2go.com")
        (plainEnv "AUTHENTIK_EMAIL__USE_TLS" "true")
        (plainEnv "AUTHENTIK_EMAIL__USERNAME" "authentik_dubyatp")
        (secretEnv "AUTHENTIK_EMAIL__PASSWORD" "authentik-credentials" "smtp-password")
        (plainEnv "AUTHENTIK_EMAIL__TIMEOUT" "30")

        # File storage on an S3-compatible endpoint reached over HTTPS.
        (plainEnv "AUTHENTIK_STORAGE__BACKEND" "s3")
        (plainEnv "AUTHENTIK_STORAGE__S3__ENDPOINT" "https://weyma-s3.infra.dubyatp.xyz")
        (plainEnv "AUTHENTIK_STORAGE__S3__BUCKET_NAME" "authentik-files")
        (secretEnv "AUTHENTIK_STORAGE__S3__ACCESS_KEY" "authentik-files" "AWS_ACCESS_KEY_ID")
        (secretEnv "AUTHENTIK_STORAGE__S3__SECRET_KEY" "authentik-files" "AWS_SECRET_ACCESS_KEY")
      ];

      additionalObjects = [
        {
          apiVersion = "networking.k8s.io/v1";
          kind = "Ingress";
          metadata.name = "authentik-ingress";
          spec = {
            ingressClassName = "traefik";
            rules = map hostRule publicHosts;
            tls = [
              {
                hosts = publicHosts;
                secretName = certSecret;
              }
            ];
          };
        }
      ];
    };
  };
}