Enable Authentik installation and add support for extra public hostnames in the configuration. Updated README and values files to reflect changes for improved deployment flexibility and documentation clarity.

Nikholas Pcenicni
2026-05-14 19:58:56 -04:00
parent b90ee2d531
commit 032ffee866
6 changed files with 84 additions and 2 deletions


@@ -14,7 +14,7 @@ noble_k8s_api_server_fallback: "https://192.168.50.20:6443"
noble_skip_k8s_health_check: false
# Pangolin / Newt — set true only after newt-pangolin-auth Secret exists (SOPS: clusters/noble/secrets/ or imperative — see clusters/noble/bootstrap/newt/README.md)
noble_newt_install: false
noble_newt_install: true
# cert-manager needs Secret cloudflare-dns-api-token in cert-manager namespace before ClusterIssuers work
noble_cert_manager_require_cloudflare_secret: true
@@ -27,3 +27,6 @@ noble_argocd_apply_bootstrap_root_application: true
# Authentik (OIDC IdP) + oauth2-proxy ForwardAuth — set **true** after **.env** has NOBLE_AUTHENTIK_* (see ansible/roles/noble_authentik/README.md).
noble_authentik_install: true
# Optional: public (or extra) Authentik hostnames on the same IdP — list of FQDNs. Pangolin: CNAME + resource → Newt → Traefik (see noble_authentik README).
noble_authentik_ingress_extra_hosts:
- auth.nikflix.ca
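Review bot: The new `noble_authentik_ingress_extra_hosts` entry publishes the Authentik IdP on `auth.nikflix.ca`, but the comment above it documents only the routing path (Pangolin, Newt, Traefik) and not what becomes reachable on that name. Unless the role restricts paths per host, which is not visible in this hunk, the admin interface and API are served on the public hostname alongside the login flows, so the comment should say so, for example `# Extra hosts serve the full IdP (login, admin UI, API): restrict admin paths at Traefik/Pangolin and confirm MFA on admin accounts before adding a public FQDN.` The first hunk has a related gap: `noble_newt_install` now defaults to `true` while its precondition (the `newt-pangolin-auth` Secret) is stated only in a comment. A pre-flight check in the role that fails when the Secret is absent, presumably similar to what `noble_cert_manager_require_cloudflare_secret` gates, would make a fresh cluster fail early and clearly instead of partway through the tunnel deployment.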