{{ ansible_managed | comment }}

[Unit]
Description = Keycloak Server
Requires = keycloak-postgres.service
After = keycloak-postgres.service

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ keycloak_containerimage }}:{{ keycloak_image_tag }}
ContainerName = keycloak

Exec = start \
    --db=postgres \
    --proxy-headers=xforwarded \
    --http-enabled=true \
    --features=persistent-user-sessions

AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535

Network = keycloak.network
Network = caddy.network
ExposeHostPort = 8080

EnvironmentFile = {{ keycloak_install_dir }}/keycloak.env

PodmanArgs = --memory={{ keycloak_memory_high }}
PodmanArgs = --memory-swap={{ keycloak_swap_max }}
PodmanArgs = --memory-reservation={{ keycloak_memory_low }}

[Install]
WantedBy = default.target