diff --git a/meta/domain/index.yaml b/meta/domain/index.yaml
index 04198a9..415d2f1 100644
--- a/meta/domain/index.yaml
+++ b/meta/domain/index.yaml
@@ -6,37 +6,35 @@ metadata:
   name: domain
   description: null
 options:
-  apps:
+  storage-classes:
     default:
-      enable: false
-      nextcloud:
-        enable: true
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
     examples:
-    - enable: false
-      nextcloud:
-        enable: true
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
     properties:
-      enable:
-        default: false
-        type: boolean
-      nextcloud:
-        default:
-          enable: true
-        properties:
-          enable:
-            default: true
-            type: boolean
-        type: object
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
     type: object
-  ingress-class:
-    default: traefik
+  issuer:
+    default: letsencrypt-prod
     examples:
-    - traefik
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
+    - letsencrypt-prod
     type: string
   ci:
     default:
@@ -60,11 +58,6 @@ options:
             type: boolean
         type: object
     type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
   erp:
     default:
       dolibarr:
@@ -87,16 +80,53 @@ options:
         default: false
         type: boolean
     type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
   auth:
     default:
+      authentik:
+        enable: true
       enable: true
     examples:
-    - enable: true
+    - authentik:
+        enable: true
+      enable: true
     properties:
+      authentik:
+        default:
+          enable: true
+        properties:
+          enable:
+            default: true
+            type: boolean
+        type: object
       enable:
         default: true
         type: boolean
     type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
   backups:
     default:
       enable: false
@@ -159,20 +189,27 @@ options:
         default: false
         type: boolean
     type: object
-  distributions:
+  apps:
     default:
-      core: core
-      domain: domain
+      enable: false
+      nextcloud:
+        enable: true
     examples:
-    - core: core
-      domain: domain
+    - enable: false
+      nextcloud:
+        enable: true
     properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
+      enable:
+        default: false
+        type: boolean
+      nextcloud:
+        default:
+          enable: true
+        properties:
+          enable:
+            default: true
+            type: boolean
+        type: object
     type: object
   mail:
     default:
@@ -196,31 +233,6 @@ options:
             type: boolean
         type: object
     type: object
-  storage-classes:
-    default:
-      BlockReadWriteMany: ''
-      BlockReadWriteOnce: ''
-      FilesystemReadWriteMany: ''
-      FilesystemReadWriteOnce: ''
-    examples:
-    - BlockReadWriteMany: ''
-      BlockReadWriteOnce: ''
-      FilesystemReadWriteMany: ''
-      FilesystemReadWriteOnce: ''
-    properties:
-      BlockReadWriteMany:
-        default: ''
-        type: string
-      BlockReadWriteOnce:
-        default: ''
-        type: string
-      FilesystemReadWriteMany:
-        default: ''
-        type: string
-      FilesystemReadWriteOnce:
-        default: ''
-        type: string
-    type: object
 dependencies: []
 providers:
   kubernetes: null
diff --git a/meta/domain/installs.tf b/meta/domain/installs.tf
index 39d589f..db57342 100644
--- a/meta/domain/installs.tf
+++ b/meta/domain/installs.tf
@@ -72,6 +72,15 @@ locals {
         "name" = "nextcloud-nextcloud-pg-app"
         "key" = "password"
       }
+    }]:[], var.auth.enable&&lookup(lookup(merge(var.auth,local.added-auth), "authentik",{}),"enable",false)?[{
+      "name" = "authentik-authentik-pg"
+      "dbname" = "authentik"
+      "username" = "authentik"
+      "namespace" = "${var.namespace}-auth"
+      "secret" = {
+        "name" = "authentik-authentik-pg-app"
+        "key" = "password"
+      }
     }]:[], var.ci.enable&&var.ci.gitea.enable?[{
       "name" = "gitea-gitea-pg"
       "dbname" = "gitea"
@@ -95,6 +104,9 @@ locals {
     external-redis = concat(var.mail.enable&&var.mail.wildduck.enable?[{
       "name" = "wildduck-wildduck-redis"
       "namespace" = "${var.namespace}-mail"
+    }]:[], var.auth.enable&&lookup(lookup(merge(var.auth,local.added-auth), "authentik",{}),"enable",false)?[{
+      "name" = "authentik-authentik-redis"
+      "namespace" = "${var.namespace}-auth"
     }]:[], var.erp.enable&&var.erp.dolibarr.enable?[{
       "name" = "dolibarr-dolibarr-redis"
       "namespace" = "${var.namespace}-erp"