Add Authentik SSO service and refactor Valkey configuration to use native tools and consolidated systemd service

2025-11-22 21:36:23 +01:00
parent 500224b5de
commit d814369c99
21 changed files with 769 additions and 74 deletions
--- a/roles/valkey/defaults/main.yml
+++ b/roles/valkey/defaults/main.yml
@@ -19,7 +19,7 @@ valkey_port: 6379
 valkey_protected_mode: true

 # Authentication
-valkey_requirepass: "{{ vault_valkey_password }}"
+valkey_password: "{{ vault_valkey_password }}"

 # =================================================================
 # Performance Settings (Conservative Defaults)
@@ -45,8 +45,7 @@ valkey_appendonly: false  # RDB only for simplicity
 # Security Configuration
 # =================================================================

-# Systemd security hardening
-valkey_systemd_security: true
+# Security hardening is now built into the custom service file

 # Valkey security settings
 valkey_timeout: 300
@@ -85,4 +84,4 @@ valkey_syslog_ident: "valkey"
 # - VALKEY_DB: "1" (or 2, 3, etc. - unique per application)
 #
 # Note: Applications can also use REDIS_* environment variables
-# for compatibility since Valkey is fully Redis-compatible
+# for compatibility since Valkey is fully Redis-compatible