From 39c65eae4ee2d6e03aad39ed242b1a479a81413e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= <kropikuba@gmail.com>
Date: Tue, 11 Feb 2025 08:07:24 +0100
Subject: [PATCH] WiP

---
 stages/base/kustomize/csi-driver-nfs.yaml     |  4 +-
 stages/identity/helmfile.yaml                 |  1 -
 .../values/authentik.values.yaml.gotmpl       | 37 +++++++++++--------
 3 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/stages/base/kustomize/csi-driver-nfs.yaml b/stages/base/kustomize/csi-driver-nfs.yaml
index 5b9315a..1a2a64e 100644
--- a/stages/base/kustomize/csi-driver-nfs.yaml
+++ b/stages/base/kustomize/csi-driver-nfs.yaml
@@ -10,4 +10,6 @@ parameters:
   share: /mnt/nas
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
-allowVolumeExpansion: true
\ No newline at end of file
+allowVolumeExpansion: true
+mountOptions:
+  - nfsvers=4.1
\ No newline at end of file
diff --git a/stages/identity/helmfile.yaml b/stages/identity/helmfile.yaml
index 05a3054..bb7bd0f 100644
--- a/stages/identity/helmfile.yaml
+++ b/stages/identity/helmfile.yaml
@@ -9,4 +9,3 @@ releases:
     version: 2024.12.3
     values:
       - ./values/authentik.values.yaml.gotmpl
-    installed: false
\ No newline at end of file
diff --git a/stages/identity/values/authentik.values.yaml.gotmpl b/stages/identity/values/authentik.values.yaml.gotmpl
index d4c407e..d47f7ab 100644
--- a/stages/identity/values/authentik.values.yaml.gotmpl
+++ b/stages/identity/values/authentik.values.yaml.gotmpl
@@ -1,7 +1,14 @@
 postgresql:
+  image:
+    debug: true
   enabled: true
   auth:
     password: {{ readFile "../.envs/.authentik-postgresql" }}
+  resources:
+    limits:
+      hugepages-2Mi: "512Mi"
+  volumePermissions:
+    enabled: true
 
 authentik:
   secret_key: {{ readFile "../.envs/.authentik-secret-key" }}
@@ -11,18 +18,18 @@ authentik:
 
 redis:
   enabled: true
-
-server:
-  ingress:
-    ingressClassName: nginx
-    enabled: true
-    hosts:
-      - idp.kropcloud.net
-    annotations:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-      cert-manager.io/cluster-issuer: cloudflare-issuer
-    tls:
-      - hosts: 
-        - idp.kropcloud.net
-        secretName: authentik-tls
\ No newline at end of file
+# 
+# server:
+#   ingress:
+#     ingressClassName: nginx
+#     enabled: true
+#     hosts:
+#       - idp.kropcloud.net
+#     annotations:
+#       nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+#       nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+#       cert-manager.io/cluster-issuer: cloudflare-issuer
+#     tls:
+#       - hosts: 
+#         - idp.kropcloud.net
+#         secretName: authentik-tls