load_dependencies:    True  # When set to false the dependencies aren't loaded. Helpful for developing
actions:
  import_realm:       True  # Import REALM
features:
  matomo:             true
  css:                true
  desktop:            true
  ldap:               true
  central_database:   true
  recaptcha:          "{{ RECAPTCHA_ENABLED | bool }}"

  # Doesn't make sense to activate logout page for keycloak, because the logout page 
  # anyhow should be included via iframe in keycloak.
  # The JS is also messing with the keycloak config fields
  # @todo optimize the JS
  logout:             false                             
server:
  csp:
    flags:
      script-src-elem:
        unsafe-inline: true
      script-src-attr:
        unsafe-inline: true
      style-src-attr:
        unsafe-inline: true
    whitelist:
      frame-src:
        - "*" # For frontend channel logout it's necessary that iframes can be loaded
  domains:
    canonical:
      - "auth.{{ PRIMARY_DOMAIN }}"
    aliases: []
scopes:
  nextcloud:  nextcloud

docker:
  services:
    keycloak:
      image:            "quay.io/keycloak/keycloak"
      version:          "latest"
      name:             "keycloak"
      cpus:             "2.0"
      mem_reservation:  "2g"
      mem_limit:        "4g"
      pids_limit:       1024
    database:
      enabled: true
credentials:
  recaptcha:
    key:      "{{ CAPTCHA.RECAPTCHA.KEY | default('') }}"
    secret:   "{{ CAPTCHA.RECAPTCHA.SECRET | default('') }}"
accounts:
  bootstrap:
    username: "administrator"
  system:
    username: "{{ SOFTWARE_NAME | replace('.', '_') | lower }}"