Add authentik

This commit is contained in:
Julius 2022-05-23 13:43:58 +02:00
parent d88f450f12
commit c54711590c
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
10 changed files with 90 additions and 1 deletions


@ -0,0 +1,46 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: authentik
namespace: authentik
spec:
interval: 1m0s
chart:
spec:
# renovate: registryUrl=https://charts.goauthentik.io
chart: authentik
version: 2022.4.3
sourceRef:
kind: HelmRepository
name: authentik-charts
namespace: flux-system
interval: 5m
valuesFrom:
- kind: Secret
name: authentik
valuesKey: secret_key
targetPath: authentik.secret_key
optional: false
values:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.5.1
authentik:
error_reporting:
enabled: true
postgresql:
host: "postgres.lxd"
name: "authentik"
user: "authentik"
redis:
enabled: true
architecture: standalone
auth:
enabled: false
ingress:
enabled: true
hosts:
- host: auth.asraphiel.dev
paths:
- path: "/"
pathType: Prefix
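Review bot: The values block gives authentik a PostgreSQL host, database and user but no `authentik.postgresql.password` (the only secret pulled in via valuesFrom is `secret_key`), so the connection can only succeed because the pg_hba context lines in the postgresql hunk further down grant `trust` to all of 10.0.0.0/8 and the fd42 /96 prefix, which lets any host in those ranges log in as `authentik` with ALL PRIVILEGES on the new database. Consider adding a password to the `k8s/authentik` Vault path, mapping it through the ExternalSecret and a second valuesFrom entry such as `targetPath: authentik.postgresql.password`, and moving that pg_hba rule from `trust` to `scram-sha-256`. Separately, the `# renovate:` annotation only covers `chart.spec.version` (2022.4.3) while `values.image.tag` pins 2022.5.1, so the chart and image will drift independently; either drop the image override or quote and annotate it the same way (`tag: "2022.5.1"`).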


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm.yaml


@ -0,0 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik
namespace: authentik
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: authentik
data:
- secretKey: secret_key
remoteRef:
key: k8s/authentik
property: secret_key


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- test - test
- authentik


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: authentik-charts
namespace: flux-system
spec:
interval: 15m
url: https://charts.goauthentik.io


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- external-secrets-charts.yaml - external-secrets-charts.yaml
- authentik-charts.yaml


@ -0,0 +1,6 @@
kind: Namespace
apiVersion: v1
metadata:
name: authentik
labels:
name: authentik


@ -3,3 +3,4 @@ kind: Kustomization
resources: resources:
- test-name.yaml - test-name.yaml
- external-secrets.yaml - external-secrets.yaml
- authentik.yaml


@ -50,6 +50,7 @@ in {
virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/"; virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
virtualHosts."vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/"; virtualHosts."vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
virtualHosts."whoami.asraphiel.dev" = k8sProxy; virtualHosts."whoami.asraphiel.dev" = k8sProxy;
virtualHosts."auth.asraphiel.dev" = k8sProxy;
}; };
security.acme.email = "acme@voidcorp.nl"; security.acme.email = "acme@voidcorp.nl";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
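Review bot: `auth.asraphiel.dev` reuses the shared `k8sProxy` attrset, whose definition lies outside this hunk, and the HelmRelease ingress for that host carries no TLS block, so TLS is presumably terminated only at this nginx edge. authentik derives its absolute redirect and OIDC issuer URLs from the forwarded headers, so confirm that `k8sProxy` sets `X-Forwarded-Proto` and `X-Forwarded-Host` (or forwards `Host`) and enables `proxyWebsockets`, otherwise the service behind the ACME-terminated vhost will likely emit `http://` URLs and outpost websocket connections may fail. A short comment on this line naming those requirements, e.g. `# authentik needs X-Forwarded-Proto/Host and websockets from k8sProxy`, would make the dependency explicit.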


@ -17,7 +17,7 @@
host all all 10.0.0.0/8 trust host all all 10.0.0.0/8 trust
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
''; '';
ensureDatabases = [ "gitea" "vault" "vaultwarden" ]; ensureDatabases = [ "gitea" "vault" "vaultwarden" "authentik" ];
ensureUsers = [ ensureUsers = [
{ {
name = "gitea"; name = "gitea";
@ -32,6 +32,10 @@
name = "vaultwarden"; name = "vaultwarden";
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; }; ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
} }
{
name = "authentik";
ensurePermissions = { "DATABASE \"authentik\"" = "ALL PRIVILEGES"; };
}
]; ];
enableTCPIP = true; enableTCPIP = true;