---
# Main tasks file for Authentik role

- name: Include Docker Compose setup
  include_tasks: docker.yml

- name: Include bootstrap setup
  include_tasks: bootstrap.yml
  when: authentik_bootstrap | default(true)

- name: Include OIDC provider configuration
  include_tasks: providers.yml
  tags: ['authentik', 'oidc']

- name: Include email configuration
  include_tasks: email.yml
  when: mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user is defined and client_secrets.mailgun_smtp_user != "" and "PLACEHOLDER" not in client_secrets.mailgun_smtp_user)
  tags: ['authentik', 'email']

- name: Include flows configuration (recovery, invitation)
  include_tasks: flows.yml
  when: authentik_bootstrap | default(true)
  tags: ['authentik', 'flows']

- name: Include MFA/2FA enforcement configuration
  include_tasks: mfa.yml
  when: authentik_bootstrap | default(true)
  tags: ['authentik', 'mfa', '2fa']

- name: Include invitation stage configuration
  include_tasks: invitation.yml
  when: authentik_bootstrap | default(true)
  tags: ['authentik', 'invitation']