[Unit]
Requires=postgres.service
After=postgres.service
PartOf=keycloak.target

[Container]
AutoUpdate=registry
ContainerName=keycloak
Environment=KC_LOG_LEVEL=info
Environment=KC_DB=postgres
Environment=KC_DB_PASSWORD={{ podman_keycloak_postgres_keycloak_password }}
Environment=KC_DB_URL=jdbc:postgresql://postgres/{{ podman_keycloak_postgres_keycloak_database }}
Environment=KC_DB_USERNAME={{ podman_keycloak_postgres_keycloak_username }}
Environment=KC_HOSTNAME={{ podman_keycloak_keycloak_hostname }}
Environment=KC_HTTP_ENABLED=true
Environment=KC_HTTP_PORT=8080
Environment=KC_PROXY_HEADERS=xforwarded
Environment=KC_BOOTSTRAP_ADMIN_USERNAME={{ podman_keycloak_keycloak_admin_username }}
Environment=KC_BOOTSTRAP_ADMIN_PASSWORD={{ podman_keycloak_keycloak_admin_password }}
Environment=PROXY_ADDRESS_FORWARDING=true
Exec=start --features=quick-theme
Image=quay.io/keycloak/keycloak:26.4
Network=keycloak.network
{% if podman_keycloak_enable_ldap %}
Network=ldap.network
{% endif %}
Network=frontend.network
{% for provider in podman_keycloak_keycloak_providers %}
Volume=/home/{{ podman_keycloak_podman_rootless_user }}/keycloak/{{ provider.url | basename }}:/opt/keycloak/providers/{{ provider.url | basename }}:ro,z
{% endfor %}
{% for item in podman_keycloak_keycloak_additional_volumes %}
Volume={{ item.src }}:{{ item.dest }}:{{ item.options }}
{% endfor %}

[Service]
Slice=keycloak.slice
Restart=always

[Install]
WantedBy=keycloak.target