---
### Configuration specific to keycloak
keycloak_version: 18.0.2
keycloak_archive: "keycloak-legacy-{{ keycloak_version }}.zip"
keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
keycloak_offline_install: false

### Install location and service settings
keycloak_java_home:
keycloak_dest: /opt/keycloak
keycloak_jboss_home: "{{ keycloak_installdir }}"
keycloak_jboss_port_offset: 0
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_config_standalone_xml: "keycloak.xml"
keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
keycloak_config_override_template: ''
keycloak_config_path_to_properties: "{{ keycloak_jboss_home }}/standalone/configuration/profile.properties"
keycloak_service_runas: false
keycloak_service_user: keycloak
keycloak_service_group: keycloak
keycloak_service_pidfile: "/run/keycloak/keycloak.pid"
keycloak_service_name: keycloak
keycloak_service_desc: Keycloak
keycloak_service_start_delay: 10
keycloak_service_start_retries: 25
keycloak_service_restart_always: false
keycloak_service_restart_on_failure: false
keycloak_service_startlimitintervalsec: "300"
keycloak_service_startlimitburst: "5"
keycloak_service_restartsec: "10s"

keycloak_configure_firewalld: false
keycloak_configure_iptables: false

### administrator console password
keycloak_admin_password: ''

### Common configuration settings
keycloak_bind_address: 0.0.0.0
keycloak_host: localhost
keycloak_http_port: 8080
keycloak_https_port: 8443
keycloak_ajp_port: 8009
keycloak_jgroups_port: 7600
keycloak_jgroups_subnet:
keycloak_management_port_bind_address: 127.0.0.1
keycloak_management_http_port: 9990
keycloak_management_https_port: 9993
keycloak_java_opts: "-Xms1024m -Xmx2048m"
keycloak_prefer_ipv4: true
keycloak_features: []

### Enable configuration for database backend, clustering and remote caches on infinispan
keycloak_ha_enabled: false
### Enable database configuration, must be enabled when HA is configured
keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"
### Discovery protocol for ha cluster members, valus [ 'JDBC_PING', 'TCPPING' ]
keycloak_ha_discovery: "{{ 'JDBC_PING' if keycloak_db_enabled else 'TCPPING' }}"
### Remote cache store on infinispan cluster
keycloak_remote_cache_enabled: "{{ True if keycloak_ha_enabled else False }}"

### Keycloak administration console user
keycloak_admin_user: admin
keycloak_auth_realm: master
keycloak_auth_client: admin-cli

keycloak_force_install: false

### mod_cluster reverse proxy list
keycloak_modcluster_enabled: "{{ True if keycloak_ha_enabled else False }}"
keycloak_modcluster_url: localhost
keycloak_modcluster_port: 6666
keycloak_modcluster_urls:
  - host: "{{ keycloak_modcluster_url }}"
    port: "{{ keycloak_modcluster_port }}"

### keycloak frontend url
keycloak_frontend_url: http://localhost:8080/auth/
keycloak_frontend_url_force: false
keycloak_admin_url:

### infinispan remote caches access (hotrod)
keycloak_infinispan_user: supervisor
keycloak_infinispan_pass: supervisor
keycloak_infinispan_url: localhost
keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512
keycloak_infinispan_use_ssl: false
# if ssl is enabled, import ispn server certificate here
keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts
keycloak_infinispan_trust_store_password: changeit

### database backend engine: values [ 'postgres', 'mariadb', 'sqlserver' ]
keycloak_jdbc_engine: postgres
### database backend credentials
keycloak_db_user: keycloak-user
keycloak_db_pass: keycloak-pass
## connection validation
keycloak_db_background_validation: false
keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}"
keycloak_db_background_validate_on_match: false
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
# override the variables above, following defaults show minimum supported versions
keycloak_default_jdbc:
  postgres:
    url: 'jdbc:postgresql://localhost:5432/keycloak'
    version: 9.4.1212
  mariadb:
    url: 'jdbc:mariadb://localhost:3306/keycloak'
    version: 2.7.4
  sqlserver:
    url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
    version: 12.2.0
# role specific vars
keycloak_no_log: true

### logging configuration
keycloak_log_target: /var/log/keycloak