diff --git a/deployments/auth/authentik.yaml b/deployments/auth/authentik.yaml
new file mode 100644
index 0000000..87661af
--- /dev/null
+++ b/deployments/auth/authentik.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: authentik
+  namespace: flux-system
+spec:
+  url: https://charts.goauthentik.io/
+  interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: authentik
+  namespace: authentik
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: authentik
+      version: 2024.4.2
+      sourceRef:
+        kind: HelmRepository
+        name: authentik
+        namespace: flux-system
+  install:
+    createNamespace: true
+  upgrade:
+    disableWait: false
+  timeout: 10m
+  values:
+    # Optional example values below
+    server:
+      ingress:
+        enabled: true
+        ingressClassName: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-prod"
+          external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
+        hosts:
+          - host: auth.hxme.net
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - secretName: authentik-tls
+            hosts:
+              - authentik.example.com
+    postgresql:
+      enabled: true  # Set to false if using external DB
+    redis:
+      enabled: true  # Set to false if using external Redis
+
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index b53474b..3ae2ad6 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
@@ -11,4 +11,4 @@ resources:
   - dns/bind.yaml
   - dns/externaldns.yaml
   - files/nextcloud.yaml
-  - ssl/certmanager.yaml
+  - files/syncthing.yaml