From 929150d90e79b9477d5484e3747663e2fdbc5512 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi <me@jthan.io>
Date: Wed, 14 Jan 2026 20:53:49 -0700
Subject: [PATCH] add authentik role with basic firewall

---
 ansible/authentik.yaml                  | 1 +
 ansible/roles/authentik/tasks/main.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 ansible/roles/authentik/tasks/main.yaml

diff --git a/ansible/authentik.yaml b/ansible/authentik.yaml
index 9511de5..1da14d0 100644
--- a/ansible/authentik.yaml
+++ b/ansible/authentik.yaml
@@ -4,3 +4,4 @@
   roles:
     - common
     - lego
+    - authentik
diff --git a/ansible/roles/authentik/tasks/main.yaml b/ansible/roles/authentik/tasks/main.yaml
new file mode 100644
index 0000000..4386269
--- /dev/null
+++ b/ansible/roles/authentik/tasks/main.yaml
@@ -0,0 +1,8 @@
+- name: Permit traffic in default zone on port 8443/tcp
+  ansible.posix.firewalld:
+    port: 8443/tcp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+