feat: initial commit

roles/podman_identity/templates/frontend.network

@@ -0,0 +1,5 @@
+[Network]
+Driver=bridge
+
+[Install]
+WantedBy=default.target

roles/podman_identity/templates/keycloak.container

@@ -0,0 +1,33 @@
+[Unit]
+Requires=postgres.service
+After=postgres.service
+
+[Container]
+AutoUpdate=registry
+ContainerName=keycloak
+Environment=\
+    KC_DB=postgres \
+    KC_DB_PASSWORD={{ podman_identity_postgres_keycloak_password }} \
+    KC_DB_URL=jdbc:postgresql://postgres/{{ podman_identity_postgres_keycloak_database }} \
+    KC_DB_USERNAME={{ podman_identity_postgres_keycloak_username }} \
+    KC_HOSTNAME={{ podman_identity_keycloak_hostname }} \
+    KC_HTTP_ENABLED=true \
+    KC_HTTP_PORT=8080 \
+    KC_PROXY_HEADERS=xforwarded \
+    KC_BOOTSTRAP_ADMIN_USERNAME={{ podman_identity_keycloak_admin_username }} \
+    KC_BOOTSTRAP_ADMIN_PASSWORD={{ podman_identity_keycloak_admin_password }} \
+    PROXY_ADDRESS_FORWARDING=true
+Exec=start
+Image=quay.io/keycloak/keycloak:26.1
+Network=keycloak.network
+Network=ldap.network
+Network=frontend.network
+{% for provider in podman_identity_keycloak_providers %}
+Volume=/home/{{ podman_identity_podman_rootless_user }}/keycloak/{{ provider.url | basename }}:/opt/keycloak/providers/{{ provider.url | basename }}:ro
+{% endfor %}
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

roles/podman_identity/templates/keycloak.network

@@ -0,0 +1,5 @@
+[Network]
+Driver=bridge
+
+[Install]
+WantedBy=default.target

roles/podman_identity/templates/ldap.container

@@ -0,0 +1,17 @@
+[Container]
+ContainerName=ldap
+Environment=DS_DM_PASSWORD={{ podman_identity_ldap_directory_manager_password }}
+Image=quay.io/389ds/dirsrv:latest
+Network=ldap.network
+PublishPort=636:3636/tcp
+Volume=/home/{{ podman_identity_podman_rootless_user }}/ldap:/data:rw
+Volume=/home/{{ podman_identity_podman_rootless_user }}/certbot/conf/live/{{ podman_identity_keycloak_hostname }}/privkey.pem:/data/tls/server.key:ro
+Volume=/home/{{ podman_identity_podman_rootless_user }}/certbot/conf/live/{{ podman_identity_keycloak_hostname }}/cert.pem:/data/tls/server.crt:ro
+Volume=/home/{{ podman_identity_podman_rootless_user }}/certbot/conf/live/{{ podman_identity_keycloak_hostname }}/chain.pem:/data/tls/ca/chain.crt:ro
+
+[Service]
+RuntimeMaxSec=604800
+Restart=always
+
+[Install]
+WantedBy=default.target

roles/podman_identity/templates/ldap.network

@@ -0,0 +1,5 @@
+[Network]
+Driver=bridge
+
+[Install]
+WantedBy=default.target

roles/podman_identity/templates/nginx.conf

@@ -0,0 +1,39 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ podman_identity_keycloak_hostname }};
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://{{ podman_identity_keycloak_hostname }}$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    server_name {{ podman_identity_keycloak_hostname }};
+    server_tokens off;
+
+    ssl_certificate /etc/letsencrypt/live/{{ podman_identity_keycloak_hostname }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ podman_identity_keycloak_hostname }}/privkey.pem;
+
+    location / {
+        proxy_pass http://keycloak:8080/;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}

roles/podman_identity/templates/postgres.container

@@ -0,0 +1,15 @@
+[Container]
+AutoUpdate=registry
+ContainerName=postgres
+Environment=\
+  POSTGRES_DB={{ podman_identity_postgres_keycloak_database }} \
+  POSTGRES_PASSWORD={{ podman_identity_postgres_keycloak_password }} \
+  POSTGRES_USER={{ podman_identity_postgres_keycloak_username }} \
+  POSTGRES_HOST_AUTH_METHOD=scram-sha-256 \
+  POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256
+Image=docker.io/postgres:17.3
+Network=keycloak.network
+Volume=/home/{{ podman_identity_podman_rootless_user }}/postgres:/var/lib/postgresql/data:rw
+
+[Install]
+WantedBy=default.target