# vim: ft=yaml.ansible
---
- name: setup keycloak containers for sso.data.coop
  docker_compose:
    project_name: "keycloak"
    pull: "yes"
    definition:
      version: "3.6"
      services:
        postgres:
          image: "postgres:{{ services.keycloak.postgres_version }}"
          restart: "unless-stopped"
          networks:
            - "keycloak"
          volumes:
            - "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
          environment:
            POSTGRES_USER: "keycloak"
            POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
            POSTGRES_DB: "keycloak"

        app:
          image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
          restart: "unless-stopped"
          networks:
            - "keycloak"
            - "postfix"
            - "external_services"
          command:
            - "start"
            - "--db=postgres"
            - "--db-url=jdbc:postgresql://postgres:5432/keycloak"
            - "--db-username=keycloak"
            - "--db-password={{ postgres_passwords.keycloak }}"
            - "--hostname={{ services.keycloak.domain }}"
            - "--proxy=edge"
            - "--https-port=8080"
            - "--http-relative-path=/auth"
          environment:
            VIRTUAL_HOST: "{{ services.keycloak.domain }}"
            VIRTUAL_PORT: "8080"
            LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

      networks:
        keycloak:
        postfix:
          external: true
        external_services:
          external: true