43 lines
1.1 KiB
Text
43 lines
1.1 KiB
Text
|
{{ ansible_managed | comment }}
|
||
|
|
|
||
|
|
[Unit]
|
||
|
|
Description = Postgres for keycloak
|
||
|
|
|
||
|
|
[Service]
|
||
|
|
Restart = always
|
||
|
|
RestartSec = 5s
|
||
|
|
|
||
|
|
[Container]
|
||
|
|
Image = {{ keycloak_postgres_containerimage }}:{{ keycloak_postgres_image_tag }}
|
||
|
|
ContainerName = keycloak-postgres
|
||
|
|
|
||
|
|
AutoUpdate = registry
|
||
|
|
LogDriver = journald
|
||
|
|
|
||
|
|
NoNewPrivileges = true
|
||
|
|
ReadOnly = true
|
||
|
|
DropCapability = all
|
||
|
|
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
|
||
|
|
UserNS = auto:size=65535
|
||
|
|
{% if keycloak_selinux_level != omit %}
|
||
|
|
SecurityLabelLevel = {{ keycloak_selinux_level }}
|
||
|
|
{% endif %}
|
||
|
|
|
||
|
|
Network = keycloak.network
|
||
|
|
ExposeHostPort = 5432
|
||
|
|
|
||
|
|
EnvironmentFile = {{ keycloak_install_dir }}/keycloak-postgres.env
|
||
|
|
|
||
|
|
Volume = {{ keycloak_install_dir }}/postgres:/var/lib/postgresql/data:U
|
||
|
|
Tmpfs = /run/postgresql:rw,noexec,nosuid,nodev,size=1m
|
||
|
|
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=50m
|
||
|
|
|
||
|
|
PodmanArgs = --memory={{ keycloak_postgres_memory_high }}
|
||
|
|
PodmanArgs = --memory-swap={{ keycloak_postgres_swap_max }}
|
||
|
|
PodmanArgs = --memory-reservation={{ keycloak_postgres_memory_low }}
|
||
|
|
|
||
|
|
PodmanArgs = --stop-signal=SIGINT
|
||
|
|
|
||
|
|
[Install]
|
||
|
|
WantedBy = default.target
|