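# Renders three Kubernetes Secret manifests for the `authentik` namespace
# (authentik-credentials, authentik-db-auth, authentik-files) into a single
# multi-document YAML file. Every value comes from a sops-nix placeholder,
# so no secret material is written into this Nix file.
{ config, ... }:
{
  sops.templates."authentik-credentials.yaml" = {
    # Owner-only: the rendered file holds plaintext credentials (admin
    # password, secret key, database and S3-style access keys), so it must
    # not be world-readable. If a non-root process has to read it, grant
    # access through `owner`/`group` instead of widening the mode.
    mode = "0400";
    # NOTE(review): placeholders are substituted as raw text and the values
    # below are unquoted YAML scalars. A secret that looks like a number or
    # boolean, or that contains `: `, ` #` or a leading YAML indicator, would
    # be mis-parsed or rejected as `stringData`. Confirm the stored secrets
    # are safe plain scalars before relying on this.
    content = ''
      apiVersion: v1
      kind: Secret
      metadata:
        name: authentik-credentials
        namespace: authentik
      type: Opaque
      stringData:
        admin-password: ${config.sops.placeholder.authentik_admin_password}
        authentik-secret-key: ${config.sops.placeholder.authentik_secret_key}
        replication-password: ${config.sops.placeholder.authentik_replication_password}
        smtp-password: ${config.sops.placeholder.authentik_smtp_password}
        user-password: ${config.sops.placeholder.authentik_user_password}
      ---
      apiVersion: v1
      kind: Secret
      metadata:
        name: authentik-db-auth
        namespace: authentik
      type: Opaque
      stringData:
        password: ${config.sops.placeholder.authentik_db_password}
      ---
      apiVersion: v1
      kind: Secret
      metadata:
        name: authentik-files
        namespace: authentik
      type: Opaque
      stringData:
        AWS_ACCESS_KEY_ID: ${config.sops.placeholder.authentik_files_keyid}
        AWS_SECRET_ACCESS_KEY: ${config.sops.placeholder.authentik_files_keysecret}
    '';
    # Lands under the k3s server manifests directory; presumably this relies
    # on k3s applying manifests found there. Verify that the directory itself
    # is not readable by unprivileged users on the host.
    path = "/var/lib/rancher/k3s/server/manifests/secrets/authentik-credentials.yaml";
  };
}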