Merge authentik-quadlet-fix: Integrate working authentik implementation

Merge completed authentik Quadlet implementation that resolves all deployment
issues and enables external HTTPS access. This brings the working solution
developed and tested on authentik-quadlet-fix branch into main.

All systemd services now generate correctly and authentik is fully operational
at https://auth.jnss.me with proper SSL termination via Caddy.

roles/valkey/templates/valkey.conf.j2

@@ -8,20 +8,19 @@
 # Network Configuration
 # =================================================================
 
-{% if valkey_bind %}
-# Bind to specified interfaces
+# Bind to localhost only for security (like PostgreSQL)
 bind {{ valkey_bind }}
-{% else %}
-# No TCP binding - Unix socket only
-{% endif %}
 
-# Valkey port (0 = disable TCP)
+# Valkey port
 port {{ valkey_port }}
 
-# Unix socket configuration
-{% if valkey_unixsocket is defined %}
-unixsocket {{ valkey_unixsocket }}
-unixsocketperm {{ valkey_unixsocketperm }}
+{% if valkey_unix_socket_enabled %}
+# Unix Socket Configuration
+unixsocket {{ valkey_unix_socket_path }}
+unixsocketperm {{ valkey_unix_socket_perm }}
+
+# Enable both TCP and Unix socket (for compatibility during transition)
+# To disable TCP completely, comment out the port line above
 {% endif %}
 
 # Protected mode - requires authentication
@@ -41,7 +40,7 @@ tcp-keepalive {{ valkey_tcp_keepalive }}
 # =================================================================
 
 # Require password for all operations
-requirepass {{ valkey_password }}
+requirepass {{ valkey_requirepass }}
 
 # =================================================================
 # Memory Management
@@ -137,4 +136,4 @@ client-output-buffer-limit pubsub 32mb 8mb 60
 # - Database 3+: Future applications
 #
 # Connection example:
-# valkey-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_password }} -n 1
+# redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} -n 1