computer-playbook/roles/web-app-keycloak/config/main.yml

load_dependencies:            True  # When set to false the dependencies aren't loaded. Helpful for developing
actions:
  import_realm:               True  # Import REALM
  create_automation_client:   True
features:
  matomo:             true
  css:                true
  desktop:            true
  ldap:               true
  central_database:   true
  recaptcha:          true

  # Doesn't make sense to activate logout page for keycloak, because the logout page 
  # anyhow should be included via iframe in keycloak.
  # The JS is also messing with the keycloak config fields
  # @todo optimize the JS
  logout:             false                             
server:
  csp:
    flags:
      script-src-elem:
        unsafe-inline: true
      script-src:
        unsafe-inline: true
      style-src:
        unsafe-inline: true
    whitelist:
      frame-src:
        - "*" # For frontend channel logout it's necessary that iframes can be loaded
  domains:
    canonical:
      - "auth.{{ PRIMARY_DOMAIN }}"
    aliases: []
scopes:
  nextcloud:  nextcloud

docker:
  services:
    keycloak:
      image:            "quay.io/keycloak/keycloak"
      version:          "latest"
      name:             "keycloak"
      cpus:             "2.0"
      mem_reservation:  "2g"
      mem_limit:        "4g"
      pids_limit:       1024
    database:
      enabled: true

credentials:
  recaptcha:
    website_key:    "" # Required if you enabled recaptcha:
    secret_key:     ""  # Required if you enabled recaptcha: