feat: implement comprehensive variable management system

- Create standardized group_vars directory structure
- Add domains.yml with centralized subdomain mappings
- Add infrastructure.yml with network, SMTP, and path config
- Reorganize vault.yml secrets by service with consistent naming
- Update 15+ Docker compose templates to use new variable structure
- Simplify playbook commands by removing --extra-vars requirement
- Replace hardcoded domains/IPs with template variables
- Standardize secret references across all services

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

roles/docker/templates/authentik-env.j2

@@ -1,15 +1,15 @@
-PG_PASS={{ authentik_pg_pass }}
-AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+PG_PASS={{ vault_authentik.postgres_password }}
+AUTHENTIK_SECRET_KEY={{ vault_authentik.secret_key }}
 # SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=smtp.resend.com
+AUTHENTIK_EMAIL__HOST={{ smtp.host }}
 AUTHENTIK_EMAIL__PORT=25
 # Optionally authenticate (don't add quotation marks to your password)
-AUTHENTIK_EMAIL__USERNAME=resend
-AUTHENTIK_EMAIL__PASSWORD={{ resend_key }}
+AUTHENTIK_EMAIL__USERNAME={{ smtp.username }}
+AUTHENTIK_EMAIL__PASSWORD={{ vault_smtp.password }}
 # Use StartTLS
 AUTHENTIK_EMAIL__USE_TLS=true
 # Use SSL
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 # Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=auth@updates.thesatelliteoflove.com
+AUTHENTIK_EMAIL__FROM=auth@{{ email_domains.updates }}