Add user setup script

modules/server/containers/data/authentik/authentik.yaml

@@ -0,0 +1,62 @@
+version: 1
+metadata:
+  name: "Initial User Setup"
+  labels:
+    blueprint-type: core
+entries:
+  # Locate the binding for the root user setup flow and disable it
+  - model: authentik_flows.flowstagebinding
+    identifiers:
+      target: "ak-root-user-fill"
+    attrs:
+      enabled: false
+
+  # Optionally, disable the default enrollment flow entirely
+  - model: authentik_flows.flow
+    identifiers:
+      slug: "default-enrollment-flow"
+    attrs:
+      designation: "enrollment"
+      enabled: false
+  # --- GROUPS ---
+  - model: authentik_core.group
+    identifiers:
+      name: "admin"
+    attrs:
+      is_superuser: true
+
+  - model: authentik_core.group
+    identifiers:
+      name: "cloud"
+    attrs:
+      is_superuser: false
+
+  - model: authentik_core.group
+    identifiers:
+      name: "dev"
+    attrs:
+      is_superuser: false
+
+  - model: authentik_core.group
+    identifiers:
+      name: "flix"
+    attrs:
+      is_superuser: false
+
+  - model: authentik_core.group
+    identifiers:
+      name: "family"
+    attrs:
+      is_superuser: false
+
+  # --- ADMIN USERS ---
+  - model: authentik_core.user
+    identifiers:
+      username: !env [DEFAULT_ADMIN_USERNAME]
+    attrs:
+      name: !env [DEFAULT_ADMIN_USERNAME]
+      email: "{{ env('DEFAULT_ADMIN_USERNAME') }}@{{ env('DOMAIN') }}"
+      password: !env [DEFAULT_ADMIN_PASSWORD]
+      path: "users"
+      groups:
+        - name: "admin"