add authentik with basic configuration

roles/authentik/templates/.env.authentik.j2

@@ -0,0 +1,21 @@
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgres
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD={{ db_password }}
+
+AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+
+AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net
+AUTHENTIK_EMAIL__PORT=587
+AUTHENTIK_EMAIL__USERNAME=apikey
+AUTHENTIK_EMAIL__PASSWORD={{ sengrid_api_key }}
+
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__FROM=auth@cazzzer.com
+
+AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL=false
+AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false

roles/authentik/templates/.env.db.j2

@@ -0,0 +1,3 @@
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+POSTGRES_PASSWORD={{ db_password }}

roles/authentik/templates/.env.j2

@@ -0,0 +1 @@
+AUTHENTIK_VERSION=2023.3

roles/authentik/templates/docker-compose.yml.j2

@@ -0,0 +1,59 @@
+{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
+{##}
+version: "3.7"
+
+networks:
+  default:
+  traefik_traefik:
+    external: true
+
+services:
+  server:
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+    container_name: authentik_server
+    labels:
+      - {{ traefik_labels("auth", port="9000") | indent(6) }}
+    restart: unless-stopped
+    command: server
+    env_file:
+      - .env.authentik
+    networks:
+      - default
+      - traefik_traefik
+
+  worker:
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+    container_name: authentik_worker
+    restart: unless-stopped
+    command: worker
+    env_file:
+      - .env.authentik
+    volumes:
+      - {{ base_volume_path }}/authentik/certs:/certs
+
+  postgres:
+    image: postgres:12-alpine
+    container_name: authentik_postgres
+    restart: unless-stopped
+    env_file:
+      - .env.db
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - {{ base_volume_path }}/authentik/postgres:/var/lib/postgresql/data
+
+  redis:
+    image: redis:alpine
+    container_name: authentik_redis
+    restart: unless-stopped
+    command: --save 60 1 --loglevel warning
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s

roles/authentik/vars/app_config.yml

@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.2;AES256;alpina
+38336166363764396232386330336236356663376532323666326237336636626661343963653838
+6362363439383865393864363535613664656565653138360a373066343138633337653536386138
+63373232616430626464303832313966353162626333393032656237313939366538643930613365
+6637373666616538370a353635393731356237316462326437326463636438306134323839323637
+31653333326531663236333862316533346533623761306135393233333730386131666235356663
+62313030323736373837633938646237303966373865353037656339613364386165646534373461
+64343164663533613931613461616166646632353362386638336162303935336466393133356265
+31643366623036356632646338616431663737636637656462316165363231383631353961383663
+35613565316638353361316632376263633866353562303832623562393832326439386230343237
+39386536376530336365336234363134643334303836326130396330626566366663303764313262
+33333333353738623230633139343135613730636161306662636136646361613863363461333462
+64633434323361643034333834643766336466333636616136616563643930636339663462633865
+34343133663737356633633264396433373334393065366130313563393231633932663231616137
+65643739333137393034623362303735643166326132343133643435613936373333333464356638
+32646436373264636161613630366661383265373537646239643562303237636663616638383030
+62363664633332663638396630366134613464363137323562646236383961373239333133323964
+3065