WIP: Authentik role with Quadlet pod approach - debugging container service generation

- Created authentik.pod file for proper pod definition - Removed superfluous authentik-pod.container file - Updated container templates to reference pod correctly - Issue: Quadlet still reports 'pod authentik is not Quadlet based' - Container services not being generated (only pod service works)
2025-11-26 23:24:09 +01:00
parent 500224b5de
commit df4ae0eb17
12 changed files with 921 additions and 0 deletions
--- a/roles/authentik/tasks/cache.yml
+++ b/roles/authentik/tasks/cache.yml
@@ -0,0 +1,70 @@
+---
+# Cache setup for Authentik - Self-contained socket permissions
+
+- name: Add authentik user to valkey group for socket access
+  user:
+    name: "{{ authentik_user }}"
+    groups: valkey
+    append: true
+
+- name: Ensure authentik can access Valkey socket directory
+  file:
+    path: "{{ valkey_unix_socket_path | dirname }}"
+    mode: '0770'
+    group: valkey
+  become: true
+
+- name: Test Valkey socket connectivity
+  command: >
+    redis-cli -s {{ valkey_unix_socket_path }}
+    -a {{ valkey_password }}
+    -n {{ authentik_valkey_db }}
+    ping
+  become: true
+  become_user: "{{ authentik_user }}"
+  register: valkey_socket_test
+  failed_when: valkey_socket_test.stdout != "PONG"
+  changed_when: false
+
+- name: Configure Authentik Valkey database
+  command: >
+    redis-cli -s {{ valkey_unix_socket_path }}
+    -a {{ valkey_password }}
+    -n {{ authentik_valkey_db }}
+    CONFIG SET save ""
+  become: true
+  become_user: "{{ authentik_user }}"
+  register: valkey_config_result
+  changed_when: true
+  
+- name: Verify Authentik can write to Valkey database
+  command: >
+    redis-cli -s {{ valkey_unix_socket_path }}
+    -a {{ valkey_password }}
+    -n {{ authentik_valkey_db }}
+    SET authentik:healthcheck "{{ ansible_date_time.iso8601 }}"
+  become: true
+  become_user: "{{ authentik_user }}"
+  register: valkey_write_test
+  changed_when: false
+
+- name: Clean up Valkey test key
+  command: >
+    redis-cli -s {{ valkey_unix_socket_path }}
+    -a {{ valkey_password }}
+    -n {{ authentik_valkey_db }}
+    DEL authentik:healthcheck
+  become: true
+  become_user: "{{ authentik_user }}"
+  changed_when: false
+
+- name: Display cache setup status
+  debug:
+    msg: |
+      ✅ Authentik cache setup complete!
+      
+      🗄️ Cache DB: {{ authentik_valkey_db }}
+      🔌 Connection: Unix socket ({{ valkey_unix_socket_path }})
+      📊 Test: {{ valkey_socket_test.stdout }}
+      
+      🏗️ Ready for Authentik container deployment