---
# Authentik Authentication Service Role - Containerized Implementation
# Manages Authentik using Podman with self-contained database

- name: Create authentik user and configure subuid/subgid
  include_tasks: user.yml

- name: Set up authentik database
  include_tasks: database.yml

- name: Configure container networking
  include_tasks: networking.yml

- name: Deploy authentik containers via quadlets
  include_tasks: containers.yml

- name: Deploy Caddy configuration for Authentik
  template:
    src: authentik.caddy.j2
    dest: "{{ caddy_sites_enabled_dir }}/authentik.caddy"
    mode: '0644'
  notify: reload caddy
  when: caddy_sites_enabled_dir is defined

- name: Display Authentik service status
  debug:
    msg: |
      ✅ Authentik authentication service deployed successfully!
      
      🌐 Web Interface: https://{{ authentik_full_domain }}
      🔐 Admin Interface: https://{{ authentik_full_domain }}/if/admin/
      📦 Local HTTP: http://127.0.0.1:{{ authentik_http_port }}
      🗄️  Database: {{ authentik_db_name }} (self-managed)
      🚀 Cache: Valkey database {{ authentik_redis_db }}
      
      🏗️ Authentication service ready for SSO integration!