Add Authentik SSO service and refactor Valkey configuration to use native tools and consolidated systemd service

roles/authentik/tasks/user.yml

@@ -0,0 +1,60 @@
+---
+# Authentik User Management - Service-Specific User Setup
+
+- name: Create authentik group
+  group:
+    name: "{{ authentik_group }}"
+    system: yes
+
+- name: Create authentik user
+  user:
+    name: "{{ authentik_user }}"
+    group: "{{ authentik_group }}"
+    system: yes
+    shell: /bin/bash
+    home: "{{ authentik_home }}"
+    create_home: yes
+    comment: "Authentik authentication service"
+
+- name: Set up subuid for authentik user
+  lineinfile:
+    path: /etc/subuid
+    line: "{{ authentik_user }}:{{ authentik_subuid_start }}:{{ authentik_subuid_size }}"
+    create: yes
+    mode: '0644'
+
+- name: Set up subgid for authentik user
+  lineinfile:
+    path: /etc/subgid
+    line: "{{ authentik_user }}:{{ authentik_subgid_start }}:{{ authentik_subgid_size }}"
+    create: yes
+    mode: '0644'
+
+- name: Create authentik directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ authentik_user }}"
+    group: "{{ authentik_group }}"
+    mode: '0755'
+  loop:
+    - "{{ authentik_home }}"
+    - "{{ authentik_home }}/.config"
+    - "{{ authentik_home }}/.config/systemd"
+    - "{{ authentik_home }}/.config/systemd/user"
+    - "{{ authentik_home }}/.config/containers"
+    - "{{ authentik_home }}/.config/containers/systemd"
+    - "{{ authentik_home }}/data"
+    - "{{ authentik_home }}/media"
+
+- name: Enable lingering for authentik user
+  command: loginctl enable-linger {{ authentik_user }}
+  args:
+    creates: "/var/lib/systemd/linger/{{ authentik_user }}"
+
+- name: Initialize user systemd for authentik
+  systemd:
+    daemon_reload: yes
+    scope: user
+  become: yes
+  become_user: "{{ authentik_user }}"