Automate the manual Authentik configuration process using native YAML blueprints
that are applied on container startup.
Changes:
- Add kaboot-setup.yaml blueprint for local development
- Add kaboot-setup-production.yaml.example for production with configurable domains
- Update docker-compose.yml and docker-compose.prod.yml to mount blueprints
- Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup
- Update setup.sh to generate bootstrap credentials and display admin password
- Update Caddyfile.example with proper proxy headers for Authentik
- Add Caddyfile to .gitignore (user-specific config)
- Update docs with Quick Start sections for automated setup
The blueprints create:
- OAuth2/OIDC provider (public client, client_id: kaboot-spa)
- Kaboot application with redirect URIs
- kaboot-users group with application binding
- Enrollment flow with sign-up capability
- Password complexity policy
- Test user and service account (passwords set manually)
