ansible/roles/docker/tasks/services/keycloak.yml

---
- name: setup keycloak containers for sso.data.coop
  community.docker.docker_compose:
    project_name: keycloak
    pull: true
    definition:
      version: '3.6'
      services:

        postgres:
          image: postgres:10
          restart: unless-stopped
          networks:
            - keycloak
          volumes:
            - '{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data'
          environment:
            POSTGRES_USER: keycloak
            POSTGRES_PASSWORD: '{{ postgres_passwords.keycloak }}'
            POSTGRES_DB: keycloak

        app:
          image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
          restart: unless-stopped
          networks:
            - keycloak
            - postfix
            - external_services
          command: start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak
            --db-username=keycloak --db-password={{ postgres_passwords.keycloak
            }} --hostname={{ services.keycloak.domain }} --proxy=edge --https-port=8080
            --http-relative-path=/auth
          environment:
            VIRTUAL_HOST: '{{ services.keycloak.domain }}'
            VIRTUAL_PORT: '8080'
            LETSENCRYPT_HOST: '{{ services.keycloak.domain }}'
            LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'

      networks:
        keycloak:
        postfix:
          external: true
        external_services:
          external: true