no-secrets-athq-ansible/roles/usermanagement/templates/keycloak.yaml

---

version: '3.3'

services:
  keycloak:
    container_name: keycloak-container
    command: start --hostname-strict=false --log-level=WARNING
    image: quay.io/keycloak/keycloak:latest
    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
      - PROXY_ADDRESS_FORWARDING=true
      - KC_PROXY=edge
      - KC_LOG_LEVEL=ALL
      - KC_DB_URL_HOST=postgres
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD={{ keycloak_postgres_password }}
      - KC_HEALTH_ENABLED=true
      - KC_METRICS_ENABLED=true
      - KC_DB=postgres
      - KEYCLOAK_LOGLEVEL=WARN
    restart: unless-stopped
    ports:
    - 5050:8080
    depends_on:
    - postgres
    secrets:
    - postgres_password
    volumes:
    - /data/atlantis-keycloak-themes/themes/:/opt/keycloak/themes/
  postgres:
    container_name: postgres-container
    image: postgres:15.1
    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_USER=keycloak
    restart: unless-stopped
    secrets:
    - postgres_password
    volumes:
    - /data/keycloak-postgres/:/var/lib/postgresql/data

secrets:
  postgres_password:
    file: postgres_password

volumes:
  postgres-data:

...