Switching over to using unix sockets for ICP

roles/authentik/defaults/main.yml

@@ -46,7 +46,7 @@ caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
 
 # Authentik manages its own database
 authentik_db_engine: "postgresql"
-authentik_db_host: "host.containers.internal"
+authentik_db_host: "/run/postgresql"  # Unix socket directory
 authentik_db_port: 5432
 authentik_db_name: "authentik"
 authentik_db_user: "authentik"
@@ -56,11 +56,11 @@ authentik_db_password: "{{ vault_authentik_db_password }}"
 # Cache Configuration (Valkey/Redis)
 # =================================================================
 
-# Valkey/Redis cache configuration
-authentik_redis_host: "host.containers.internal"
+# Valkey/Redis cache configuration (TCP via host gateway)  
+authentik_redis_host: "host.containers.internal"  # Using TCP due to Authentik Unix socket issues
 authentik_redis_port: 6379
 authentik_redis_db: 1
-authentik_redis_password: ""  # Valkey has no auth by default
+authentik_redis_password: "{{ vault_valkey_password | default('') }}"
 
 # =================================================================
 # Application Settings
@@ -104,4 +104,4 @@ authentik_enable_host_gateway: true
 # - Uses Valkey database 1 for caching
 # - Deploys Caddy configuration to sites-enabled
 # - Uses Podman quadlets for systemd integration
-# - Follows containerized service pattern with service-specific user
+# - Follows containerized service pattern with service-specific user