feat: initial authentik server commit

[runleveldev]

Copilot Summary

This pull request introduces several major updates to the authentik directory, focusing on infrastructure setup and the addition of blueprint YAML files for authentication, enrollment, and recovery flows. The most significant changes include the addition of a Docker Compose configuration for local development, the creation of reusable flow blueprints for enrollment and recovery (including email and MFA verification), and a comprehensive authentication flow blueprint. Additionally, .gitignore was updated to exclude data, templates, and certificates directories.

Infrastructure and Configuration:

• Added a new compose.yml for Docker Compose, defining postgresql, server, and worker services with required environment variables, health checks, volume mounts, and dependencies for local development of authentik.
• Updated .gitignore to exclude /data/, /custom-templates/, and /certs/ directories, preventing sensitive or generated files from being committed.

Blueprints for Flows:

• Added 10-flows-enrollment-email-verification.yaml, a blueprint defining a default enrollment flow with staged prompts for username, password, name, and email, including email verification and user activation.
• Added 10-flows-recovery-email-mfa-verification.yaml, a blueprint for a recovery flow that includes identification, email verification, MFA validation, password reset, and user login, with policy bindings for conditional stage execution.
• Added 50-opensource-authentication-flow.yaml, a comprehensive blueprint for an authentication flow supporting multiple backends, password and MFA stages, identification, and integration with enrollment and recovery flows. Includes custom policy bindings for conditional stage execution.

[Copilot]

Pull request overview

This PR adds an initial authentik local-development stack (Docker Compose) plus several Authentik blueprint YAML exports for authentication, enrollment, and recovery flows.

Changes:

• Added authentik/compose.yml to run Postgres + authentik server/worker locally.
• Added blueprint YAMLs defining authentication, enrollment (email verification), and recovery (email + MFA verification) flows.
• Added an authentik/.gitignore to keep local data/templates/certs out of git.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
authentik/compose.yml	Introduces a docker-compose stack for authentik + postgres (currently has YAML structure issues).
authentik/blueprints/50-opensource-authentication-flow.yaml	Adds a generated authentication flow blueprint (password + MFA + login bindings).
authentik/blueprints/10-flows-recovery-email-mfa-verification.yaml	Adds a recovery flow blueprint with email verification and MFA validation stages.
authentik/blueprints/10-flows-enrollment-email-verification.yaml	Adds an enrollment flow blueprint with prompts and email verification (with an ordering issue).
authentik/.gitignore	Ignores local authentik data, templates, and cert directories.