Fix: Update authentik Caddy template to use HTTP backend

- Change reverse_proxy from https:// to http:// backend
- Use authentik_http_port instead of authentik_https_port
- Remove unnecessary TLS transport configuration
- Remove health check for non-existent endpoint

This aligns the Ansible template with the working configuration
where authentik only serves HTTP internally and Caddy handles SSL.
This commit is contained in:
2025-12-04 19:45:04 +01:00
parent b3c3fe5c56
commit 0507e3291d
11 changed files with 11 additions and 256 deletions


@@ -53,10 +53,6 @@ valkey_appendonly: false # RDB only for simplicity
# =================================================================
# Security Configuration
# =================================================================
# Security hardening is now built into the custom service file
# Valkey security settings
valkey_timeout: 300
valkey_tcp_keepalive: 300
valkey_tcp_backlog: 511
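Review bot: The comment `# Security hardening is now built into the custom service file` points at a file this hunk does not name, while the same commit removes the `valkey_systemd_security`-gated override tasks from the tasks file, so a reader checking which systemd sandboxing directives still apply has nothing to follow from here. Suggest naming it, e.g. `# Security hardening is now built into the custom service file (see templates/<service-unit-template>)`. Which default values were dropped is not visible on this page, so whether `valkey_systemd_security` itself was removed is inferred from the hunk counts only.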


@@ -56,23 +56,6 @@
backup: yes
notify: restart valkey
- name: Create systemd override directory for Valkey security
file:
path: /etc/systemd/system/valkey.service.d
state: directory
mode: '0755'
when: valkey_systemd_security
- name: Deploy Valkey systemd security override
template:
src: systemd-override.conf.j2
dest: /etc/systemd/system/valkey.service.d/override.conf
mode: '0644'
when: valkey_systemd_security
notify:
- reload systemd
- restart valkey
- name: Enable and start Valkey service
systemd:
name: valkey
@@ -107,7 +90,7 @@
when: valkey_service_state == "started" and valkey_unix_socket_enabled
- name: Wait for Valkey to be ready (Unix Socket) - Try with auth if needed
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_password }} ping
register: valkey_socket_ping_auth
until: valkey_socket_ping_auth.stdout == "PONG"
retries: 5
@@ -120,14 +103,14 @@
("NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr) or valkey_socket_ping_noauth.rc != 0)
- name: Test Valkey connectivity (TCP)
command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} ping
command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_password }} ping
register: valkey_ping_result_tcp
changed_when: false
failed_when: valkey_ping_result_tcp.stdout != "PONG"
when: valkey_service_state == "started" and not valkey_unix_socket_enabled
- name: Test Valkey connectivity (Unix Socket)
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_password }} ping
register: valkey_ping_result_socket
changed_when: false
failed_when: valkey_ping_result_socket.stdout != "PONG"
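Review bot: The renamed secret is still interpolated into argv on `command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_password }} ping` and on the two connectivity tasks below it, so it is readable in the process list on the managed host and is echoed in Ansible's task output and logs; the rename itself does not change that. Add `no_log: true` to each of the three tasks (the `register`ed results also carry the full command line), or keep it out of argv with `environment: { REDISCLI_AUTH: "{{ valkey_password }}" }` and drop the `-a` flag. In the first hunk, removing the override tasks leaves `valkey_systemd_security` unreferenced in the visible part of this file; confirm the defaults file drops it as well. The "Enable and start Valkey service" task continues past the end of the hunk.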


@@ -40,7 +40,7 @@ tcp-keepalive {{ valkey_tcp_keepalive }}
# =================================================================
# Require password for all operations
requirepass {{ valkey_requirepass }}
requirepass {{ valkey_password }}
# =================================================================
# Memory Management
@@ -136,4 +136,4 @@ client-output-buffer-limit pubsub 32mb 8mb 60
# - Database 3+: Future applications
#
# Connection example:
# redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} -n 1
# redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_password }} -n 1
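Review bot: At `requirepass {{ valkey_password }}` the value is rendered as a bare token, so a password containing whitespace or a `#` is truncated by the config parser and the server ends up with a different password from the one the playbook passes with `-a`, failing only at the connectivity check. Quote it, `requirepass "{{ valkey_password }}"`, which is safe as long as the value contains no embedded double quotes or backslashes; an `assert` task on the value before templating would make that constraint explicit. The unquoted form in the connection example at the end of the second hunk is only a comment and needs no change.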