WIP: Authentik role with Quadlet pod approach - debugging container service generation

- Created authentik.pod file for proper pod definition - Removed superfluous authentik-pod.container file - Updated container templates to reference pod correctly - Issue: Quadlet still reports 'pod authentik is not Quadlet based' - Container services not being generated (only pod service works)
2025-11-26 23:24:09 +01:00
parent 500224b5de
commit df4ae0eb17
12 changed files with 921 additions and 0 deletions
--- a/roles/authentik/templates/authentik.env.j2
+++ b/roles/authentik/templates/authentik.env.j2
@@ -0,0 +1,43 @@
+# Authentik Configuration - Unix Socket IPC
+# Generated by Ansible - DO NOT EDIT
+
+# PostgreSQL Configuration (Unix Socket)
+AUTHENTIK_POSTGRESQL__HOST={{ postgresql_unix_socket_directories }}
+AUTHENTIK_POSTGRESQL__NAME={{ authentik_db_name }}
+AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }}
+AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
+# No port needed for Unix socket
+
+# Valkey/Redis Configuration (Unix Socket)  
+AUTHENTIK_REDIS__HOST=unix://{{ valkey_unix_socket_path }}
+AUTHENTIK_REDIS__PASSWORD={{ valkey_password }}
+AUTHENTIK_REDIS__DB={{ authentik_valkey_db }}
+# No port needed for Unix socket
+
+# Authentik Core Configuration
+AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+AUTHENTIK_LOG_LEVEL={{ authentik_log_level }}
+AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting | lower }}
+
+# Security Configuration
+AUTHENTIK_COOKIE_DOMAIN={{ authentik_domain }}
+AUTHENTIK_DISABLE_UPDATE_CHECK=true
+AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
+
+# Network binding
+AUTHENTIK_LISTEN__HTTP={{ authentik_bind_address }}:{{ authentik_http_port }}
+AUTHENTIK_LISTEN__HTTPS={{ authentik_bind_address }}:{{ authentik_https_port }}
+
+{% if authentik_email_enabled %}
+# Email Configuration
+AUTHENTIK_EMAIL__HOST={{ authentik_email_host }}
+AUTHENTIK_EMAIL__PORT={{ authentik_email_port }}
+AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
+AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
+AUTHENTIK_EMAIL__USE_TLS={{ authentik_email_tls | lower }}
+AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
+{% endif %}
+
+# Default admin user
+AUTHENTIK_BOOTSTRAP_PASSWORD={{ authentik_default_admin_password }}
+AUTHENTIK_BOOTSTRAP_EMAIL={{ authentik_default_admin_email }}