Improve logging and infrastructure variable consistency

Changes:
- Migrate Authentik to journald logging (remove file-based logs)
- Update Gitea to use infrastructure variables for PostgreSQL access
- Add comprehensive logging documentation to deployment guide
- Add infrastructure variable pattern guide to integration docs

Authentik Logging:
- Remove LogDriver=k8s-file from server and worker containers
- Remove logs directory creation from user setup tasks
- Update deployment guide with journald examples and JSON log patterns

Gitea Infrastructure Variables:
- Add infrastructure dependencies section to role defaults
- Replace hardcoded paths with postgresql_unix_socket_directories variable
- Replace hardcoded 'postgres' group with postgresql_client_group variable
- Add infrastructure variable validation in tasks
- Remove manual socket permission override (handled by infrastructure)

Documentation:
- Add journald logging best practices to service integration guide
- Add infrastructure variable pattern documentation with Gitea example
- Update Authentik deployment guide with journald commands and JSON filtering
- Document benefits: centralized logging, single source of truth, maintainability

Validated on arch-vps:
- Authentik logs accessible via journalctl and podman logs (identical output)
- Gitea user added to postgres-clients group (GID 962)
- No PostgreSQL socket permission errors after service restart

roles/gitea/tasks/main.yml

@@ -2,6 +2,15 @@
 # Gitea Service Role - Self-Contained Implementation
 # Manages Gitea Git service with own database
 
+- name: Validate infrastructure variables are defined
+  assert:
+    that:
+      - postgresql_unix_socket_directories is defined
+      - postgresql_client_group is defined
+      - postgresql_port is defined
+    fail_msg: "Missing required infrastructure variables. Ensure PostgreSQL role has run first."
+    success_msg: "Infrastructure variables validated successfully"
+
 - name: Install Gitea from Arch repository
   pacman:
     name: gitea
@@ -43,23 +52,16 @@
     group: "{{ gitea_group }}"
     mode: '0700'
 
-# Socket access setup (following Authentik pattern)
-- name: Add git user to postgres group for socket access
+# Socket access setup (using infrastructure variables)
+- name: Add git user to PostgreSQL client group for socket access
   user:
     name: "{{ gitea_user }}"
-    groups: postgres
+    groups: "{{ postgresql_client_group }}"
     append: true
 
-- name: Ensure git can access PostgreSQL socket directory
-  file:
-    path: "/var/run/postgresql"
-    mode: '0770'
-    group: postgres
-  become: true
-
 - name: Test PostgreSQL socket connectivity
   postgresql_ping:
-    login_unix_socket: "/var/run/postgresql"
+    login_unix_socket: "{{ postgresql_unix_socket_directories }}"
     login_user: "{{ gitea_user }}"
   become: true
   become_user: "{{ gitea_user }}"
@@ -70,7 +72,7 @@
     name: "{{ gitea_db_user }}"
     password: "{{ gitea_db_password }}"
     encrypted: yes
-    login_unix_socket: "/var/run/postgresql"
+    login_unix_socket: "{{ postgresql_unix_socket_directories }}"
     login_user: postgres
   become: true
   become_user: postgres
@@ -81,7 +83,7 @@
     owner: "{{ gitea_db_user }}"
     encoding: UTF8
     template: template0
-    login_unix_socket: "/var/run/postgresql"
+    login_unix_socket: "{{ postgresql_unix_socket_directories }}"
     login_user: postgres
   become: true
   become_user: postgres
@@ -92,7 +94,7 @@
     privs: ALL
     type: database
     role: "{{ gitea_db_user }}"
-    login_unix_socket: "/var/run/postgresql"
+    login_unix_socket: "{{ postgresql_unix_socket_directories }}"
     login_user: postgres
   become: true
   become_user: postgres