From 527346566bb89335830a2ab78e20357a81becc46 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Thu, 21 Aug 2025 22:27:43 +1000
Subject: [PATCH] Add annotations for hostname and wildcard ssl

---
 applications/40-authentik/authentik.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/applications/40-authentik/authentik.yaml b/applications/40-authentik/authentik.yaml
index 4aa2b92..9603b06 100644
--- a/applications/40-authentik/authentik.yaml
+++ b/applications/40-authentik/authentik.yaml
@@ -25,11 +25,19 @@ spec:
         authentik:
           ingress:
             enabled: true
+            annotations:
+              external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
+              nginx.ingress.kubernetes.io/server-snippet: |
+                add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
             hosts:
               - host: auth.hxme.net
                 paths:
                   - path: /
                     pathType: Prefix
+            tls:
+              - hosts:
+                  - auth.hxme.net
+                secretName: wildcard-hxme-net
   destination:
     server: https://kubernetes.default.svc
     namespace: home-server