Add Authentik SSO service and refactor Valkey configuration to use native tools and consolidated systemd service

roles/authentik/templates/authentik.env.j2

@@ -0,0 +1,39 @@
+# Authentik Environment Configuration
+# Generated by rick-infra Ansible role
+
+# Database Configuration
+AUTHENTIK_POSTGRESQL__HOST={{ authentik_db_host }}
+AUTHENTIK_POSTGRESQL__PORT={{ authentik_db_port }}
+AUTHENTIK_POSTGRESQL__NAME={{ authentik_db_name }}
+AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }}
+AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
+
+# Cache Configuration (Valkey/Redis)
+AUTHENTIK_REDIS__HOST={{ authentik_redis_host }}
+AUTHENTIK_REDIS__PORT={{ authentik_redis_port }}
+AUTHENTIK_REDIS__DB={{ authentik_redis_db }}
+{% if authentik_redis_password %}
+AUTHENTIK_REDIS__PASSWORD={{ authentik_redis_password }}
+{% endif %}
+
+# Core Configuration
+AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting_enabled | lower }}
+AUTHENTIK_DISABLE_UPDATE_CHECK={{ authentik_disable_update_check | lower }}
+AUTHENTIK_DISABLE_STARTUP_ANALYTICS={{ authentik_disable_startup_analytics | lower }}
+
+# Worker Configuration
+AUTHENTIK_WORKER__CONCURRENCY={{ authentik_worker_concurrency }}
+
+# Email Configuration
+{% if authentik_email_host %}
+AUTHENTIK_EMAIL__HOST={{ authentik_email_host }}
+AUTHENTIK_EMAIL__PORT={{ authentik_email_port }}
+AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
+AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
+AUTHENTIK_EMAIL__USE_TLS={{ authentik_email_use_tls | lower }}
+AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
+{% endif %}
+
+# Trust reverse proxy headers
+AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16