From dce92aeb2879cfccef32f7753b50e1cba5892693 Mon Sep 17 00:00:00 2001
From: baschno <bastian.schnorbus@gmail.com>
Date: Sun, 25 Jan 2026 20:22:36 +0100
Subject: [PATCH] authentik initial

---
 12_Authentik/authentik-values.gomplate.yaml | 21 ++++++++++++++++
 12_Authentik/justfile                       | 28 +++++++++++++++++++++
 env/env.local.gomplate                      |  1 +
 env/justfile                                |  9 +++++++
 4 files changed, 59 insertions(+)
 create mode 100644 12_Authentik/authentik-values.gomplate.yaml
 create mode 100644 12_Authentik/justfile

diff --git a/12_Authentik/authentik-values.gomplate.yaml b/12_Authentik/authentik-values.gomplate.yaml
new file mode 100644
index 0000000..b5ca9d3
--- /dev/null
+++ b/12_Authentik/authentik-values.gomplate.yaml
@@ -0,0 +1,21 @@
+authentik:
+    secret_key: "PleaseGenerateASecureKey"
+    # This sends anonymous usage-data, stack traces on errors and
+    # performance data to sentry.io, and is fully opt-in
+    error_reporting:
+        enabled: true
+    postgresql:
+        password: "ThisIsNotASecurePassword"
+
+server:
+    ingress:
+        # Specify kubernetes ingress controller class name
+        ingressClassName: nginx | traefik | kong
+        enabled: true
+        hosts:
+            - authentik.domain.tld
+
+postgresql:
+    enabled: true
+    auth:
+        password: "ThisIsNotASecurePassword"
\ No newline at end of file
diff --git a/12_Authentik/justfile b/12_Authentik/justfile
new file mode 100644
index 0000000..be03490
--- /dev/null
+++ b/12_Authentik/justfile
@@ -0,0 +1,28 @@
+set fallback := true
+
+export AUTHENTIK_NAMESPACE := env("AUTHENTIK_NAMESPACE", "authentik")
+
+[private]
+default:
+    @just --list --unsorted --list-submodules
+
+# Add Helm repository
+add-helm-repo:
+    @helm repo add authentik https://charts.goauthentik.io
+    @helm repo update
+
+# Remove Helm repository
+remove-helm-repo:
+    @helm repo remove authentik
+
+
+install:
+    @just add-helm-repo
+    @helm upgrade --cleanup-on-fail --install authentik authentik/authentik \
+        -n ${AUTHENTIK_NAMESPACE} --create-namespace --wait \
+        -f authentik-values.yaml
+
+
+uninstall:
+    @helm uninstall authentik -n ${AUTHENTIK_NAMESPACE} --wait
+    @kubectl delete namespace ${AUTHENTIK_NAMESPACE} --ignore-not-found
diff --git a/env/env.local.gomplate b/env/env.local.gomplate
index f118bc6..883dbeb 100644
--- a/env/env.local.gomplate
+++ b/env/env.local.gomplate
@@ -8,3 +8,4 @@ CLOUDFLARE_API_TOKEN={{ .Env.CLOUDFLARE_API_TOKEN}}
 ACME_EMAIL={{ .Env.ACME_EMAIL}}
 EXTERNAL_DOMAIN={{ .Env.EXTERNAL_DOMAIN }}
 VAULT_HOST={{ .Env.VAULT_HOST }}
+AUTHENTIK_HOST={{ .Env.AUTHENTIK_HOST }}
\ No newline at end of file
diff --git a/env/justfile b/env/justfile
index 9e9bc72..2fab61a 100644
--- a/env/justfile
+++ b/env/justfile
@@ -129,6 +129,15 @@ setup:
             exit 1
         fi
     done
+    while [ -z "${AUTHENTIK_HOST}" ]; do
+        if ! AUTHENTIK_HOST=$(
+            gum input --prompt="Authentik hostname: " \
+            --width=100 --placeholder="authentik"
+        ); then
+            echo "Setup cancelled." >&2
+            exit 1
+        fi
+    done
 
     echo "Generating .env.local file..."    
     rm -f ../.env.local