129 lines
3.6 KiB
YAML
129 lines
3.6 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# defaults file for keycloak
|
|
|
|
# Base directory configuration (inherited from base role or defined here)
|
|
docker_compose_base_dir: /etc/docker/compose
|
|
docker_volume_base_dir: /srv/data
|
|
|
|
# Keycloak-specific configuration
|
|
keycloak_service_name: keycloak
|
|
keycloak_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ keycloak_service_name }}"
|
|
keycloak_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ keycloak_service_name }}"
|
|
|
|
# Keycloak service configuration
|
|
keycloak_domain: "keycloak.local.test"
|
|
keycloak_image: "quay.io/keycloak/keycloak:24.0.1"
|
|
keycloak_port: 8080
|
|
keycloak_admin_user: admin
|
|
keycloak_admin_password: "changeme"
|
|
|
|
# PostgreSQL configuration
|
|
keycloak_postgres_image: "postgres:15"
|
|
keycloak_postgres_db: keycloak
|
|
keycloak_postgres_user: keycloak
|
|
keycloak_postgres_password: "changeme"
|
|
|
|
# Traefik configuration
|
|
keycloak_traefik_network: "proxy"
|
|
keycloak_backend_network: "backend"
|
|
keycloak_use_ssl: true
|
|
|
|
# Keycloak environment variables
|
|
keycloak_log_level: "INFO"
|
|
keycloak_proxy_mode: "edge"
|
|
keycloak_gzip_enabled: false # Disable GZIP encoding to avoid MIME type issues
|
|
|
|
# Extra CA certificates to trust (host paths to PEM files)
|
|
keycloak_truststore_certificates: []
|
|
# - /srv/data/389ds/data/ssca/ca.crt
|
|
|
|
# Extra /etc/hosts entries for the Keycloak container
|
|
keycloak_extra_hosts: []
|
|
# - "ldap:192.168.56.11"
|
|
|
|
# Provisioning configuration
|
|
keycloak_provisioning_enabled: false
|
|
|
|
# Realm configuration
|
|
keycloak_realm: "default"
|
|
keycloak_realm_display_name: "Default Realm"
|
|
|
|
# Auth URL for API access (used by provisioning tasks)
|
|
keycloak_auth_url: "{{ 'https' if keycloak_use_ssl else 'http' }}://{{ keycloak_domain }}"
|
|
|
|
# Groups to provision
|
|
keycloak_groups: []
|
|
# - name: admins
|
|
# - name: users
|
|
|
|
# Local users to provision
|
|
keycloak_local_users: []
|
|
# - username: admin
|
|
# first_name: "Admin"
|
|
# last_name: "User"
|
|
# email: "admin@example.com"
|
|
# password: "changeme"
|
|
# groups:
|
|
# - name: admins
|
|
|
|
# OIDC clients to provision
|
|
keycloak_oidc_clients: []
|
|
# - client_id: nextcloud
|
|
# name: "Nextcloud"
|
|
# client_secret: "changeme"
|
|
# redirect_uris:
|
|
# - "https://nextcloud.example.com/apps/user_oidc/code"
|
|
# default_client_scopes:
|
|
# - openid
|
|
# - email
|
|
# - profile
|
|
|
|
# Identity providers (e.g., Entra ID, Google)
|
|
keycloak_identity_providers: []
|
|
# - alias: entra-id
|
|
# display_name: "Login with Microsoft"
|
|
# provider_id: oidc
|
|
# config:
|
|
# clientId: "{{ entra_client_id }}"
|
|
# clientSecret: "{{ entra_client_secret }}"
|
|
# authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
|
|
# tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token"
|
|
# defaultScope: "openid profile email"
|
|
|
|
# Resources to remove from Keycloak (cleanup)
|
|
# Add names/aliases here when removing from the lists above
|
|
keycloak_removed_users: []
|
|
# - olduser
|
|
|
|
keycloak_removed_groups: []
|
|
# - oldgroup
|
|
|
|
keycloak_removed_clients: []
|
|
# - old-client
|
|
|
|
keycloak_removed_identity_providers: []
|
|
# - old-idp
|
|
|
|
# LDAP user federations
|
|
keycloak_user_federations: []
|
|
# - name: ldap-389ds
|
|
# provider_id: ldap
|
|
# config:
|
|
# editMode: WRITABLE
|
|
# syncRegistrations: "true"
|
|
# importEnabled: "true"
|
|
# vendor: rhds
|
|
# connectionUrl: "ldaps://ldap.example.com:636"
|
|
# usersDn: "ou=users,dc=example,dc=com"
|
|
# bindDn: "cn=Directory Manager"
|
|
# bindCredential: "changeme"
|
|
# usernameLDAPAttribute: uid
|
|
# rdnLDAPAttribute: uid
|
|
# uuidLDAPAttribute: nsuniqueid
|
|
# userObjectClasses: "inetOrgPerson, organizationalPerson"
|
|
# authType: simple
|
|
# useTruststoreSpi: never
|
|
|
|
keycloak_removed_user_federations: []
|
|
# - old-federation
|