rick-infra/roles/authentik/tasks/cache.yml

---
# Cache setup for Authentik - Self-contained socket permissions

- name: Add authentik user to valkey group for socket access
  user:
    name: "{{ authentik_user }}"
    groups: valkey
    append: true

- name: Ensure authentik can access Valkey socket directory
  file:
    path: "{{ valkey_unix_socket_path | dirname }}"
    mode: '0770'
    group: valkey
  become: true

- name: Test Valkey socket connectivity
  command: >
    redis-cli -s {{ valkey_unix_socket_path }}
    -a {{ valkey_password }}
    -n {{ authentik_valkey_db }}
    ping
  become: true
  become_user: "{{ authentik_user }}"
  register: valkey_socket_test
  failed_when: valkey_socket_test.stdout != "PONG"
  changed_when: false

- name: Configure Authentik Valkey database
  command: >
    redis-cli -s {{ valkey_unix_socket_path }}
    -a {{ valkey_password }}
    -n {{ authentik_valkey_db }}
    CONFIG SET save ""
  become: true
  become_user: "{{ authentik_user }}"
  register: valkey_config_result
  changed_when: true
  
- name: Verify Authentik can write to Valkey database
  command: >
    redis-cli -s {{ valkey_unix_socket_path }}
    -a {{ valkey_password }}
    -n {{ authentik_valkey_db }}
    SET authentik:healthcheck "{{ ansible_date_time.iso8601 }}"
  become: true
  become_user: "{{ authentik_user }}"
  register: valkey_write_test
  changed_when: false

- name: Clean up Valkey test key
  command: >
    redis-cli -s {{ valkey_unix_socket_path }}
    -a {{ valkey_password }}
    -n {{ authentik_valkey_db }}
    DEL authentik:healthcheck
  become: true
  become_user: "{{ authentik_user }}"
  changed_when: false

- name: Display cache setup status
  debug:
    msg: |
      ✅ Authentik cache setup complete!
      
      🗄️ Cache DB: {{ authentik_valkey_db }}
      🔌 Connection: Unix socket ({{ valkey_unix_socket_path }})
      📊 Test: {{ valkey_socket_test.stdout }}
      
      🏗️ Ready for Authentik container deployment