# Authentik role
SSO server

## Notes 
- Requires the podman and postgres roles to be enabled on the same host.
- The server will be mostly unconfigured.

## Options
### `authentik.domain`
The domain used by authentik.

## Secrets
### `authentik/db_pass`
The password for the authentik postgres database. This should be the same as 
`postgres/authentik` on the same host.

### `authentik/secret_key`
The secret key used by authentik. This value can not be changed without data
loss and has to be kept secret at all times.

### `authentik/email_host`
The SMTP host for email. This is not necessarily secret, but here to keep all 
email settings collocated.

Example: `mail.example.com`

### `authentik/email_port`
The SMTP port for email. This is not necessarily secret, but here to keep all 
email settings collocated. **Make sure to quote this value!**

Example: `587`

### `authentik/email_from`
The from address used by authentik. This is not necessarily secret, but here to keep all 
email settings collocated.

Example: `git@example.com`

### `authentik/email_username`
The user used by authentik to authenticate to the SMTP server.

Example: `git@example.com`

### `authentik/email_password`
The password used by authentik to authenticate to the SMTP server.