From e07f7bf6ab8af9276c927c684b19eed31ff357c5 Mon Sep 17 00:00:00 2001
From: Victor
Date: Wed, 18 May 2022 12:05:23 +0200
Subject: [PATCH] authentik: deploy
---
 .../apps/authentik/external-secret.yaml | 17 +++++++
 flux/cluster/apps/authentik/helm-release.yaml | 44 +++++++++++++++++++
 .../cluster/apps/authentik/kustomization.yaml | 3 ++
 nixos/hosts/nginx/configuration.nix | 1 +
 4 files changed, 65 insertions(+)
 create mode 100644 flux/cluster/apps/authentik/external-secret.yaml
 create mode 100644 flux/cluster/apps/authentik/helm-release.yaml
diff --git a/flux/cluster/apps/authentik/external-secret.yaml b/flux/cluster/apps/authentik/external-secret.yaml
new file mode 100644
index 0000000..e7a2abf
--- /dev/null
+++ b/flux/cluster/apps/authentik/external-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: authentik
+ namespace: authentik
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: authentik
+ data:
+ - secretKey: secret_key
+ remoteRef:
+ key: authentik/authentik
+ property: secret_key
diff --git a/flux/cluster/apps/authentik/helm-release.yaml b/flux/cluster/apps/authentik/helm-release.yaml
new file mode 100644
index 0000000..670dc61
--- /dev/null
+++ b/flux/cluster/apps/authentik/helm-release.yaml
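Review bot: The ExternalSecret in external-secret.yaml sets `namespace: authentik`, but the HelmRelease added in helm-release.yaml lives in `namespace: identity-system`, and Flux resolves a `valuesFrom` Secret reference in the HelmRelease's own namespace. As written, the `authentik` Secret carrying `secret_key` is created where the release cannot read it, and with `optional: false` reconciliation should fail rather than start without a key. I would change the ExternalSecret to `namespace: identity-system` so the key material and its only consumer share one namespace. The kustomization.yaml in this patch sets no `namespace:` override; one applied by a parent Kustomization outside this patch would change the picture, so that is worth confirming.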
@@ -0,0 +1,44 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: authentik
+ namespace: identity-system
+spec:
+ interval: 1m0s
+ chart:
+ spec:
+ # renovate: registryUrl=https://charts.goauthentik.io
+ chart: authentik
+ version: 2022.4.3
+ sourceRef:
+ kind: HelmRepository
+ name: authentik-charts
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: Secret
+ name: authentik
+ valuesKey: secret_key
+ targetPath: authentik.secret_key
+ optional: false
+ values:
+ authentik:
+ error_reporting:
+ enabled: true
+ postgresql:
+ host: "database.olympus"
+ name: "authentik"
+ user: "authentik"
+ redis:
+ enabled: true
+ architecture: standalone
+ auth:
+ enabled: false
+ ingress:
+ enabled: true
+ ingressClassName: "traefik"
+ hosts:
+ - host: id.0x76.dev
+ paths:
+ - path: "/"
+ pathType: Prefix
diff --git a/flux/cluster/apps/authentik/kustomization.yaml b/flux/cluster/apps/authentik/kustomization.yaml
index 4ea1bcc..9a89122 100644
--- a/flux/cluster/apps/authentik/kustomization.yaml
+++ b/flux/cluster/apps/authentik/kustomization.yaml
@@ -1,2 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+resources:
+ - external-secret.yaml
+ - helm-release.yaml
diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix
index 7425c01..fc57621 100644
--- a/nixos/hosts/nginx/configuration.nix
+++ b/nixos/hosts/nginx/configuration.nix
@@ -45,6 +45,7 @@ in # Kubernetes endpoints virtualHosts."0x76.dev" = k8s_proxy; + virtualHosts."id.0x76.dev" = k8s_proxy; virtualHosts."zookeeper.0x76.dev" = k8s_proxy; virtualHosts."wooloofan.club" = k8s_proxy; virtualHosts."whoami.wooloofan.club" = k8s_proxy;
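Review bot: In helm-release.yaml the `redis.auth` block sets `enabled: false`, which leaves the bundled Redis without a password, so anything in the cluster that can reach its service can read and write authentik's state there. For an identity provider I would set `enabled: true` under `redis.auth` and supply the password from Vault through a second `valuesFrom` entry next to `secret_key`, or at least restrict the Redis service with a NetworkPolicy. The same values give `authentik.postgresql` a host, name and user but no password, and none is synced by the ExternalSecret; if `database.olympus` accepts that connection, the database is trusting the network as well, which is worth confirming. `error_reporting.enabled: true` also sends error reports from this instance to the upstream project, which deserves a comment recording that it was a deliberate choice.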