diff --git a/applications/50-authentik/authentik.yaml b/applications/50-authentik/authentik.yaml
new file mode 100644
index 0000000..536546e
--- /dev/null
+++ b/applications/50-authentik/authentik.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: "https://charts.goauthentik.io/"
+    chart: "authentik"
+    targetRevision: "2024.4.2"
+    helm:
+      releaseName: "authentik"
+      values: |
+        postgresql:
+          enabled: false
+        server:
+          ingress:
+            annotations:
+              external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
+            tls:
+              - secretName: wildcard-hxme-net
+                hosts:
+                  - auth.hxme.net
+      valueFiles: []
+      valuesFrom:
+        - kind: Secret
+          name: authentik-values
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: home-server
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
diff --git a/deploy/server.yaml b/deploy/server.yaml
index 2995cbe..4dded49 100644
--- a/deploy/server.yaml
+++ b/deploy/server.yaml
@@ -33,9 +33,14 @@ spec:
             namespace: database
             wave:      3
 
+          - name:      authentik
+            path:      applications/50-authentik
+            namespace: home-server
+            wave:      4
+
           - name:      nextcloud
             path:      applications/50-nextcloud
-            namespace: nextcloud
+            namespace: home-server
             wave:      4
 
   template: