feat: add blueprints for authentik ldap outpost and render values directly instead of using env vars

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

roles/authentik/tasks/main.yml

@@ -38,9 +38,6 @@
     state: directory
     mode: '0755'
 
-- name: Render blueprints
-  import_tasks: blueprints.yml
-
 - name: Create docker-compose file for authentik
   template:
     src: docker-compose.yml.j2
@@ -51,6 +48,44 @@
   community.docker.docker_compose_v2:
     project_src: "{{ authentik_docker_compose_dir }}"
     state: present
-    recreate: "{{ blueprints_changed | ternary('always', 'auto') }}"
     wait: true
-    wait_timeout: 300
+    wait_timeout: 300
+
+- name: Render blueprints
+  import_tasks: blueprints.yml
+
+- name: Render blueprint wait script
+  template:
+    src: wait-for-blueprints.py.j2
+    dest: "{{ authentik_docker_volume_dir }}/data/wait-for-blueprints.py"
+    mode: '0644'
+
+- name: Wait for custom blueprints to be applied
+  community.docker.docker_compose_v2_exec:
+    project_src: "{{ authentik_docker_compose_dir }}"
+    service: server
+    command: ak shell -c "exec(open('/data/wait-for-blueprints.py').read())"
+  register: blueprint_wait_result
+  changed_when: "'changed' in blueprint_wait_result.stdout"
+  retries: 30
+  delay: 10
+  until: blueprint_wait_result.rc == 0
+
+- name: Render LDAP outpost token script
+  template:
+    src: set-outpost-token.py.j2
+    dest: "{{ authentik_docker_volume_dir }}/data/set-outpost-token.py"
+    mode: '0644'
+  when: authentik_ldap_outpost.name is defined
+
+- name: Set known token for LDAP outpost
+  community.docker.docker_compose_v2_exec:
+    project_src: "{{ authentik_docker_compose_dir }}"
+    service: server
+    command: ak shell -c "exec(open('/data/set-outpost-token.py').read())"
+  register: ldap_token_result
+  changed_when: "'changed' in ldap_token_result.stdout"
+  retries: 30
+  delay: 10
+  until: ldap_token_result.rc == 0
+  when: authentik_ldap_outpost.name is defined