Fix idp & co, add base ak setup

modules/server/containers/apps/authentik.nix

@@ -84,6 +84,40 @@ in {
       # Define the command wrapper
       AK="${pkgs.podman}/bin/podman --events-backend=none exec -u root authentik-worker ak"
 
+      $AK shell <<EOF
+from authentik.core.models import Group
+
+groups = ["admin", "cloud"]
+for name in groups:
+  Group.objects.get_or_create(name=name)
+EOF
+      
+      $AK shell <<EOF
+from authentik.core.models import User, Group
+from authentik.managed.models import ManagedObject
+
+# 1. Create the custom admin user
+user, created = User.objects.get_or_create(
+  username="your_admin_name",
+  defaults={
+    "name": "System Administrator",
+    "email": "admin@test.helcel.net",
+    "is_superuser": True,
+    "is_staff": True,
+  }
+)
+user.set_password("your_secure_password")
+user.save()
+
+admin_group = Group.objects.get(name="admin")
+user.ak_groups.add(admin_group)
+
+ManagedObject.objects.get_or_create(
+  identifier="initial-setup-complete",
+  defaults={"model": "authentik_core.user"}
+)
+EOF
+
       $AK apply_blueprint /blueprints/custom/traefik.yaml
       ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}