apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  project: default
  source:
    repoURL: "https://charts.goauthentik.io/"
    chart: "authentik"
    targetRevision: "2025.6.4"
    type: "helm"
    helm:
      releaseName: "authentik"
      values: |
        global:
          envFrom:
            - secretRef:
                name: authentik-secret
        authentik:
          secret_key: "env://AUTHENTIK_SECRET_KEY"
          postgresql:
            password: "env://AUTHENTIK_POSTGRES_PASSWORD"
          error_reporting:
            enabled: true

        database:
          host: postgresql.database
          existingSecret: authentik-db-credentials
          secretKeys:
            username: POSTGRES_USER
            password: POSTGRES_PASSWORD
            name: POSTGRES_DB

        server:
          ingress:
            enabled: true
            hosts:
              - auth.hxme.net
            annotations:
              external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
            tls:
              - secretName: wildcard-hxme-net
                hosts:
                  - auth.hxme.net
        postgresql:
          enabled: false
        redis:
          enabled: false

  destination:
    server: "https://kubernetes.default.svc"
    namespace: home-server
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true