# Authentik Pod Quadlet
# Generated by rick-infra Ansible role

[Unit]
Description=Authentik Authentication Service Pod
Wants=network-online.target
After=network-online.target

[Pod]
PodName={{ authentik_pod_name }}
Network={{ authentik_network_name }}

# Mount Unix socket for PostgreSQL (Valkey uses TCP via host.containers.internal)
Volume=/run/postgresql:/run/postgresql:ro
# Host gateway allows access to localhost services
{% if authentik_enable_host_gateway | default(true) %}
AddHost=host.containers.internal:host-gateway
{% endif %}

# Published ports for web access
PublishPort={{ authentik_http_port }}:9000
PublishPort={{ authentik_https_port }}:9443

[Install]
WantedBy=default.target