infrastructure/roles/keycloak/templates/keycloak.container.j2

{{ ansible_managed | comment }}

[Unit]
Description = Keycloak Server
Requires = keycloak-postgres.service
After = keycloak-postgres.service

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ keycloak_containerimage }}:{{ keycloak_image_tag }}
ContainerName = keycloak

Exec = start \
    --db=postgres \
    --proxy-headers=xforwarded \
    --http-enabled=true \
    --features=persistent-user-sessions

AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535

Network = keycloak.network
Network = caddy.network
ExposeHostPort = 8080

EnvironmentFile = {{ keycloak_install_dir }}/keycloak.env

PodmanArgs = --memory={{ keycloak_memory_high }}
PodmanArgs = --memory-swap={{ keycloak_swap_max }}
PodmanArgs = --memory-reservation={{ keycloak_memory_low }}

[Install]
WantedBy = default.target
refactor!(keycloak): use podman quadlet setup 2025-01-18 19:54:13 +01:00			`{{ ansible_managed \| comment }}`

			`[Unit]`
			`Description = Keycloak Server`
			`Requires = keycloak-postgres.service`
			`After = keycloak-postgres.service`

			`[Service]`
			`Restart = always`
			`RestartSec = 5s`

			`[Container]`
			`Image = {{ keycloak_containerimage }}:{{ keycloak_image_tag }}`
			`ContainerName = keycloak`

			`Exec = start \`
			`--db=postgres \`
			`--proxy-headers=xforwarded \`
			`--http-enabled=true \`
			`--features=persistent-user-sessions`

			`AutoUpdate = registry`
			`LogDriver = journald`

			`NoNewPrivileges = true`
			`DropCapability = all`
			`UserNS = auto:size=65535`

			`Network = keycloak.network`
			`Network = caddy.network`
			`ExposeHostPort = 8080`

			`EnvironmentFile = {{ keycloak_install_dir }}/keycloak.env`

			`PodmanArgs = --memory={{ keycloak_memory_high }}`
			`PodmanArgs = --memory-swap={{ keycloak_swap_max }}`
			`PodmanArgs = --memory-reservation={{ keycloak_memory_low }}`

			`[Install]`
			`WantedBy = default.target`