keycloak_install_dir: "/opt/keycloak"

keycloak_domains:
  - keycloak.example.com
  - keycloak2.example.com

keycloak_containerimage: quay.io/keycloak/keycloak
# renovate: depName=quay.io/keycloak/keycloak
keycloak_image_tag: "26.1.0"

keycloak_postgres_containerimage: docker.io/library/postgres
# renovate: depName=docker.io/library/postgres
keycloak_postgres_image_tag: "17.2-alpine"

keycloak_selinux_level: "{{ omit }}"

# Default JVM params of Keycloak need at least 512mb of ram
keycloak_memory_low: 512m
keycloak_memory_high: 0
keycloak_swap_max: -1

keycloak_postgres_memory_low: 256m
keycloak_postgres_memory_high: 0
keycloak_postgres_swap_max: -1

keycloak_database_password: "{{ lookup('passwordstore', 'keycloak.example.com/database create=true') }}"

keycloak_environment_vars:
  KC_HOSTNAME_STRICT: "true"
  # Unless you include 'https://' HTTPS won't be enforced
  KC_HOSTNAME: "https://{{ keycloak_domains | first }}"
  KC_LOG_LEVEL: ERROR
  KC_DB_URL_HOST: keycloak-postgres
  KC_DB_URL_DATABASE: keycloak
  KC_DB_USERNAME: "keycloak"
  KC_DB_PASSWORD: "{{ keycloak_database_password }}"

keycloak_postgres_environment_vars:
  POSTGRES_DB: "keycloak"
  POSTGRES_USER: "keycloak"
  POSTGRES_PASSWORD: "{{ keycloak_database_password }}"