feat: add ability to provision local users using blueprints

roles/authentik/defaults/main.yml

@@ -98,3 +98,16 @@ authentik_entra_sources: []
 authentik_login_source_ids: []
 # - "source-entra-entra-id"
 authentik_identification_stage_name: default-authentication-identification
+
+# Local users to provision
+authentik_local_users: []
+# - username: admin
+#   name: "Admin User"
+#   email: "admin@example.com"
+#   password_env: AUTHENTIK_ADMIN_PASSWORD  # reference env var in authentik_blueprint_env
+#   is_active: true
+#   groups:
+#     - authentik Admins
+#   attributes:
+#     settings:
+#       locale: en

roles/authentik/tasks/main.yml

@@ -77,6 +77,14 @@
     mode: "0644"
   register: login_bp
 
+- name: Render local users blueprint
+  ansible.builtin.template:
+    src: blueprints/blueprint-local-users.yaml.j2
+    dest: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
+    mode: "0644"
+  when: authentik_local_users | length > 0
+  register: local_users_bp
+
 - name: Create docker-compose file for authentik
   template:
     src: docker-compose.yml.j2
@@ -95,5 +103,6 @@
          or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
          or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
          or (login_bp is defined and login_bp.changed)
+         or (local_users_bp.changed | default(false))
         ) | ternary('always','auto')
       }}