---

hetzner_server_type: cx11
hetzner_server_labels: "stage={{ stage }} service=keycloak"

keycloak_postgres_host: "{{ shared_service_postgres_01_hostname }}"
keycloak_postgres_database: "{{ stage }}_keycloak"
keycloak_postgres_username: "{{ keycloak_postgres_database }}"
keycloak_postgres_password: "keycloak-postgres-admin"

# TODO shouldn't be declared in a static way -> must be stage specific
keycloak: {
  realms: [
    {
      name: 'docker',
      display_name: 'docker',
      users: [
        {
          "username": "{{ docker_admin_username }}",
          "password": "{{ docker_admin_password }}",
          "email": "{{ docker_admin_email }}",
        }
      ],
      groups: [
        {
          "name": "awx",
        },
        {
          "name": "admin",
        },
        {
          "name": "smardigo",
        },
      ],
      clients: [
        {
          clientId: '{{ docker_registry_oidc_client_id }}',
          name: '{{ docker_registry_oidc_client_id }}',
          admin_url: '',
          root_url: '',
          redirect_uris: '
            [
              "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}/*",
            ]',
          secret: '{{ docker_registry_oidc_client_secret }}',
          web_origins: '
            [
              "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}",
            ]',
        }
      ]
    }
  ]
}