WIP: Authentik role with Quadlet pod approach - debugging container service generation

- Created authentik.pod file for proper pod definition
- Removed superfluous authentik-pod.container file
- Updated container templates to reference pod correctly
- Issue: Quadlet still reports 'pod authentik is not Quadlet based'
- Container services not being generated (only pod service works)

roles/authentik/templates/authentik-server.container

@@ -0,0 +1,25 @@
+[Unit]
+Description=Authentik Server Container
+After=authentik-pod.service
+Requires=authentik-pod.service
+
+[Container]
+ContainerName={{ authentik_container_server_name }}
+Image={{ authentik_image }}:{{ authentik_version }}
+Pod=authentik
+EnvironmentFile={{ authentik_home }}/.env
+
+# Volume mounts for data and sockets
+Volume={{ authentik_media_dir }}:/media
+Volume={{ authentik_data_dir }}:/data
+Volume={{ postgresql_unix_socket_directories }}:{{ postgresql_unix_socket_directories }}:Z
+Volume={{ valkey_unix_socket_path | dirname }}:{{ valkey_unix_socket_path | dirname }}:Z
+
+Exec=server
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target

roles/authentik/templates/authentik-worker.container

@@ -0,0 +1,25 @@
+[Unit]
+Description=Authentik Worker Container  
+After=authentik-pod.service
+Requires=authentik-pod.service
+
+[Container]
+ContainerName={{ authentik_container_worker_name }}
+Image={{ authentik_image }}:{{ authentik_version }}
+Pod=authentik
+EnvironmentFile={{ authentik_home }}/.env
+
+# Volume mounts for data and sockets
+Volume={{ authentik_media_dir }}:/media
+Volume={{ authentik_data_dir }}:/data
+Volume={{ postgresql_unix_socket_directories }}:{{ postgresql_unix_socket_directories }}:Z
+Volume={{ valkey_unix_socket_path | dirname }}:{{ valkey_unix_socket_path | dirname }}:Z
+
+Exec=worker
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target

roles/authentik/templates/authentik.caddy.j2

@@ -0,0 +1,41 @@
+# Authentik Authentication Service
+{{ authentik_domain }} {
+    reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }} {
+        transport http {
+            tls_insecure_skip_verify
+        }
+        
+        header_up Host {upstream_hostport}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-Proto https
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Host {host}
+        
+        # Health check
+        health_uri /if/health/live/
+        health_timeout 10s
+        health_interval 30s
+        health_status 200
+    }
+
+    # Security headers
+    header {
+        X-Frame-Options SAMEORIGIN
+        X-Content-Type-Options nosniff
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy strict-origin-when-cross-origin
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+    }
+
+    # Authentik-specific paths
+    handle_path /outpost.goauthentik.io/* {
+        reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }}
+    }
+    
+    # Logging
+    log {
+        output file {{ caddy_log_dir }}/authentik.log
+        level INFO
+        format json
+    }
+}

roles/authentik/templates/authentik.env.j2

@@ -0,0 +1,43 @@
+# Authentik Configuration - Unix Socket IPC
+# Generated by Ansible - DO NOT EDIT
+
+# PostgreSQL Configuration (Unix Socket)
+AUTHENTIK_POSTGRESQL__HOST={{ postgresql_unix_socket_directories }}
+AUTHENTIK_POSTGRESQL__NAME={{ authentik_db_name }}
+AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }}
+AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
+# No port needed for Unix socket
+
+# Valkey/Redis Configuration (Unix Socket)  
+AUTHENTIK_REDIS__HOST=unix://{{ valkey_unix_socket_path }}
+AUTHENTIK_REDIS__PASSWORD={{ valkey_password }}
+AUTHENTIK_REDIS__DB={{ authentik_valkey_db }}
+# No port needed for Unix socket
+
+# Authentik Core Configuration
+AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+AUTHENTIK_LOG_LEVEL={{ authentik_log_level }}
+AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting | lower }}
+
+# Security Configuration
+AUTHENTIK_COOKIE_DOMAIN={{ authentik_domain }}
+AUTHENTIK_DISABLE_UPDATE_CHECK=true
+AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
+
+# Network binding
+AUTHENTIK_LISTEN__HTTP={{ authentik_bind_address }}:{{ authentik_http_port }}
+AUTHENTIK_LISTEN__HTTPS={{ authentik_bind_address }}:{{ authentik_https_port }}
+
+{% if authentik_email_enabled %}
+# Email Configuration
+AUTHENTIK_EMAIL__HOST={{ authentik_email_host }}
+AUTHENTIK_EMAIL__PORT={{ authentik_email_port }}
+AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
+AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
+AUTHENTIK_EMAIL__USE_TLS={{ authentik_email_tls | lower }}
+AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
+{% endif %}
+
+# Default admin user
+AUTHENTIK_BOOTSTRAP_PASSWORD={{ authentik_default_admin_password }}
+AUTHENTIK_BOOTSTRAP_EMAIL={{ authentik_default_admin_email }}

roles/authentik/templates/authentik.pod

@@ -0,0 +1,15 @@
+[Unit]
+Description=Authentik Authentication Pod
+
+[Pod]
+PodName=authentik
+PublishPort={{ authentik_bind_address }}:{{ authentik_http_port }}:{{ authentik_http_port }}
+PublishPort={{ authentik_bind_address }}:{{ authentik_https_port }}:{{ authentik_https_port }}
+PodmanArgs=--userns=keep-id
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target