---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://charts.goauthentik.io
    chart: "authentik"
    targetRevision: 2025.6.4
    type: helm
    helm:
      values: |
        global:
          envFrom:
            - secretRef:
                name: authentik-env
        redis:
          enabled: false

        postgresql:
          enabled: false

        server:
          ingress:
            enabled: true
            annotations:
              external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
            hosts:
              - host: |
                  auth.hxme.net
                paths:
                  - path: /
                    pathType: Prefix
            tls:
              - hosts:
                  - auth.hxme.net
                secretName: wildcard-hxme-net

  destination:
    server: https://kubernetes.default.svc
    namespace: home-server
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authentik-server
  namespace: home-server
  annotations:
    external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
spec:
  tls:
    - hosts:
        - auth.hxme.net
      secretName: wildcard-hxme-net
  rules:
    - host: auth.hxme.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authentik-server
                port:
                  number: 9000