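---
# Authentik User Management - Service-Specific User Setup
#
# Creates a dedicated system user and group for the authentik service, gives
# it subordinate UID/GID ranges (used for rootless containers), lays out its
# home directory, enables session lingering so user-level systemd units keep
# running without a login session, and exports the user's UID/GID as facts
# for the container templates.
#
# Variables expected from the role/playbook (not defined here):
#   authentik_user, authentik_group, authentik_home,
#   authentik_subuid_start, authentik_subuid_size,
#   authentik_subgid_start, authentik_subgid_size

- name: Create authentik group
  ansible.builtin.group:
    name: "{{ authentik_group }}"
    system: true

- name: Create authentik user
  ansible.builtin.user:
    name: "{{ authentik_user }}"
    group: "{{ authentik_group }}"
    system: true
    shell: /bin/bash
    home: "{{ authentik_home }}"
    create_home: true
    comment: "Authentik authentication service"

# The subuid/subgid entries are matched on the user name (regex-escaped) so
# that a changed range replaces the existing line instead of appending a
# second one. Without the match, stale lines would keep granting the old
# UID/GID mappings in addition to the new ones.
- name: Set up subuid for authentik user
  ansible.builtin.lineinfile:
    path: /etc/subuid
    regexp: "^{{ authentik_user | regex_escape }}:"
    line: "{{ authentik_user }}:{{ authentik_subuid_start }}:{{ authentik_subuid_size }}"
    create: true
    mode: '0644'

- name: Set up subgid for authentik user
  ansible.builtin.lineinfile:
    path: /etc/subgid
    regexp: "^{{ authentik_user | regex_escape }}:"
    line: "{{ authentik_user }}:{{ authentik_subgid_start }}:{{ authentik_subgid_size }}"
    create: true
    mode: '0644'

# NOTE(review): every directory, including data/media/logs, is created
# world-readable (0755). If nothing outside the service user's namespace needs
# to read them, 0750 would be tighter — confirm against the UID the container
# process actually runs as before changing it.
- name: Create authentik directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ authentik_user }}"
    group: "{{ authentik_group }}"
    mode: '0755'
  loop:
    - "{{ authentik_home }}"
    - "{{ authentik_home }}/.config"
    - "{{ authentik_home }}/.config/systemd"
    - "{{ authentik_home }}/.config/systemd/user"
    - "{{ authentik_home }}/.config/containers"
    - "{{ authentik_home }}/.config/containers/systemd"
    - "{{ authentik_home }}/data"
    - "{{ authentik_home }}/media"
    - "{{ authentik_home }}/logs"

# argv form passes the user name as a single argument rather than letting the
# module split a templated command line; the creates guard keeps it idempotent.
- name: Enable lingering for authentik user
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - "{{ authentik_user }}"
    creates: "/var/lib/systemd/linger/{{ authentik_user }}"

# NOTE(review): user-scope systemd reached via become generally needs the
# user's runtime directory (XDG_RUNTIME_DIR=/run/user/<uid>) to exist and be
# visible; lingering is enabled above, but confirm this task succeeds on a
# host where the user has never logged in.
- name: Initialize user systemd for authentik
  ansible.builtin.systemd:
    daemon_reload: true
    scope: user
  become: true
  become_user: "{{ authentik_user }}"

# Read the UID/GID with getent instead of a shell task that interpolates the
# user name into a command line and then regex-parses `id` output.
- name: Get authentik user UID and GID for container configuration
  ansible.builtin.getent:
    database: passwd
    key: "{{ authentik_user }}"

# getent_passwd[<name>] holds the passwd fields after the name:
# [password, uid, gid, gecos, home, shell].
- name: Set authentik UID/GID facts for container templates
  ansible.builtin.set_fact:
    authentik_uid: "{{ ansible_facts.getent_passwd[authentik_user][1] }}"
    authentik_gid: "{{ ansible_facts.getent_passwd[authentik_user][2] }}"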