Keycloak
=========

Ansible role to deploy Keycloak with PostgreSQL database using Docker Compose.

Requirements
------------

- Docker and Docker Compose installed on the target host
- Ansible collection: `community.docker`
- Traefik reverse proxy (for external access)

Role Variables
--------------

Key variables defined in `defaults/main.yml`:

**Base Configuration:**

- `docker_compose_base_dir`: Base directory for Docker Compose files (default: `/etc/docker/compose`)
- `docker_volume_base_dir`: Base directory for Docker volumes (default: `/srv/data`)

**Keycloak Configuration:**

- `keycloak_service_name`: Service name (default: `keycloak`)
- `keycloak_domain`: Domain name for Keycloak (default: `auth.digitalboard.ch`)
- `keycloak_image`: Keycloak Docker image (default: `quay.io/keycloak/keycloak:24.0.1`)
- `keycloak_port`: Internal Keycloak port (default: `8080`)
- `keycloak_admin_user`: Admin username (default: `admin`)
- `keycloak_admin_password`: Admin password (default: `changeme`)
- `keycloak_log_level`: Log level (default: `INFO`)
- `keycloak_proxy_mode`: Proxy mode (default: `edge`)

**PostgreSQL Configuration:**

- `keycloak_postgres_image`: PostgreSQL Docker image (default: `postgres:15`)
- `keycloak_postgres_db`: Database name (default: `keycloak`)
- `keycloak_postgres_user`: Database user (default: `keycloak`)
- `keycloak_postgres_password`: Database password (default: `changeme`)

**Traefik Configuration:**

- `keycloak_traefik_network`: Traefik network name (default: `proxy`)
- `keycloak_backend_network`: Backend network name (default: `backend`)
- `keycloak_use_ssl`: Enable SSL (default: `true`)
- `keycloak_cert_resolver`: Certificate resolver name (default: `dns`)

Dependencies
------------

This role requires the Traefik reverse proxy to be configured and the `proxy` network to be created.

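The defaults for `keycloak_admin_password` and `keycloak_postgres_password` listed under Role Variables are both `changeme`. The play below is an added example, not part of this role: it refuses to run while either default is still in place and takes the real values from an Ansible Vault file. The `vault_*` variable names and the `vars/keycloak_vault.yml` path are assumptions.

```yaml
- hosts: backend_servers
  vars_files:
    # Assumed path; keep this file encrypted with
    # `ansible-vault encrypt vars/keycloak_vault.yml`
    - vars/keycloak_vault.yml
  vars:
    keycloak_domain: "auth.example.com"
    # vault_* are hypothetical variables defined in the vault file above
    keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
    keycloak_postgres_password: "{{ vault_keycloak_postgres_password }}"
  pre_tasks:
    - name: Refuse to deploy with default, empty, or shared credentials
      ansible.builtin.assert:
        that:
          # Neither secret may be empty
          - keycloak_admin_password | length > 0
          - keycloak_postgres_password | length > 0
          # Neither secret may be the role default from defaults/main.yml
          - keycloak_admin_password != 'changeme'
          - keycloak_postgres_password != 'changeme'
          # Admin console and database must not share one secret
          - keycloak_admin_password != keycloak_postgres_password
        fail_msg: >-
          keycloak_admin_password and keycloak_postgres_password must be
          set to distinct, non-default values before deploying.
        quiet: true
  roles:
    - role: keycloak
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the secrets never appear in plain text in the repository.
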
Example Playbook
----------------

```yaml
- hosts: backend_servers
  roles:
    - role: keycloak
      vars:
        keycloak_domain: "auth.example.com"
        keycloak_admin_password: "secure_password"
        keycloak_postgres_password: "secure_db_password"
```

License
-------

MIT-0