Implement S3 media storage for Authentik by adding configuration options for dedicated S3 bucket and credentials. Update README and default values to clarify usage and requirements for S3 integration, ensuring compatibility with Velero settings. Enhance Ansible tasks to load S3 configurations from the environment.

ansible/roles/noble_authentik/defaults/main.yml

@@ -28,6 +28,15 @@ noble_authentik_ingress_extra_hosts: []
 
 noble_authentik_oauth2_proxy_host: oauth2.apps.noble.lab.pcenicni.dev
 
+# Media: **S3** via Ansible **`global.env`** (same S3 **URL** + **access keys** as **Velero** when you omit Authentik-specific overrides).
+# Set **`NOBLE_AUTHENTIK_MEDIA_S3_BUCKET`** to a **dedicated** bucket (do not use the Velero backup bucket).
+noble_authentik_media_s3_bucket: ""
+noble_authentik_s3_endpoint: ""
+noble_authentik_s3_access_key: ""
+noble_authentik_s3_secret_key: ""
+noble_authentik_s3_region: "us-east-1"
+noble_authentik_s3_addressing_style: "path"
+
 # OIDC client ids (must match Authentik providers created by configure script)
 noble_authentik_client_id_argocd: argocd
 noble_authentik_client_id_grafana: grafana