# Podman Quadlet container unit for the "ldap" container, which runs the
# 389 Directory Server image and belongs to keycloak.target.
# Values in {{ ... }} are template placeholders filled in before deployment
# (presumably Jinja2 via Ansible; confirm against the role that renders this).

[Unit]
# Stopping or restarting keycloak.target is propagated to this unit.
PartOf=keycloak.target

[Container]
ContainerName=ldap
# NOTE(review): the Directory Manager password is rendered in clear text into
# this unit file and into the container's environment, so anyone who can read
# the rendered file or inspect the container can read it. Consider a podman
# secret referenced through Quadlet's Secret= key (type=env,target=DS_DM_PASSWORD),
# and keep the rendered file readable only by the owning user.
Environment=DS_DM_PASSWORD={{ podman_keycloak_ldap_directory_manager_password }}
# NOTE(review): "latest" is a mutable tag, so the image content can change
# between pulls; pin a version tag or digest to make deployments reproducible
# and upgrades deliberate.
Image=quay.io/389ds/dirsrv:latest
# Refers to a Quadlet network unit, ldap.network, defined outside this file.
Network=ldap.network
# Host port 636 (LDAPS) is forwarded to container port 3636. No host address
# is given, so the port is published on all host interfaces; add a bind
# address or a firewall rule if the directory should not be reachable from
# every network.
# NOTE(review): if this runs rootless (the /home/<user> paths suggest so),
# binding a host port below 1024 depends on the host's unprivileged-port
# setting; confirm.
PublishPort=636:3636/tcp
# Directory data, read-write, with a private SELinux label (Z).
Volume=/home/{{ podman_keycloak_podman_rootless_user }}/ldap:/data:rw,Z
# TLS private key, certificate and CA chain from the certbot "live" directory,
# mounted read-only with a shared SELinux label (z).
# The private key is exposed to this container; keep its host permissions
# restrictive.
Volume=/home/{{ podman_keycloak_podman_rootless_user }}/certbot/conf/live/{{ podman_keycloak_keycloak_hostname }}/privkey.pem:/data/tls/server.key:ro,z
Volume=/home/{{ podman_keycloak_podman_rootless_user }}/certbot/conf/live/{{ podman_keycloak_keycloak_hostname }}/cert.pem:/data/tls/server.crt:ro,z
Volume=/home/{{ podman_keycloak_podman_rootless_user }}/certbot/conf/live/{{ podman_keycloak_keycloak_hostname }}/chain.pem:/data/tls/ca/chain.crt:ro,z

[Service]
Slice=keycloak.slice
# Restart whenever the service stops, including after the runtime limit below.
Restart=always
# RuntimeMaxSec restarts the service periodically so it picks up renewed
# Let's Encrypt certificates. 604800 seconds is 7 days; expect a short LDAPS
# interruption at each restart.
RuntimeMaxSec=604800

[Install]
WantedBy=keycloak.target