From 7867f905f06aab0c784d23937fa0d5ef23e7df28 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Thu, 3 Jul 2025 16:56:59 +1000
Subject: [PATCH 1/2] Specify wildcard cert

---
 deployments/auth/authentik.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deployments/auth/authentik.yaml b/deployments/auth/authentik.yaml
index f143fa5..e71e874 100644
--- a/deployments/auth/authentik.yaml
+++ b/deployments/auth/authentik.yaml
@@ -40,3 +40,7 @@ spec:
     ingress:
       annotations:
         external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
+      tls:
+        - secretName: wildcard-hxme-net
+          hosts:
+            - auth.hxme.net

From 78b086702563cc0d24ca45775c9b8e902446c646 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Thu, 3 Jul 2025 16:57:32 +1000
Subject: [PATCH 2/2] Replicate ssl cert to authentik

---
 deployments/auth/authentik.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/deployments/auth/authentik.yaml b/deployments/auth/authentik.yaml
index e71e874..ced40ed 100644
--- a/deployments/auth/authentik.yaml
+++ b/deployments/auth/authentik.yaml
@@ -13,6 +13,14 @@ spec:
   url: https://charts.goauthentik.io/
   interval: 1h
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-hxme-net
+  namespace: authentik
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata: