---
# Default variables for a Keycloak + PostgreSQL deployment described as a
# docker-compose style structure (keycloak_docker) and routed through traefik.
# service_name, service_port, service_port_keycloak and stage_server_url_host
# are not defined here and must be supplied by the including play or inventory.

# TODO doesn't bind to local port (currently used by setup keycloak with ansible)
# NOTE(review): this port is published by the keycloak service below in
# addition to the traefik route. How the compose template renders the binding
# is not visible here; if it ends up on all interfaces, Keycloak is reachable
# without traefik's TLS, and PROXY_ADDRESS_FORWARDING (set below) makes
# Keycloak trust forwarded headers from any client that connects directly.
# Restrict it to a loopback/management address or firewall it.
service_port_keycloak_external: "8110"

# Quoted so the version stays a string.
# NOTE(review): old release line; confirm it still receives security fixes.
keycloak_version: "12.0.4"

# Bootstrap admin account for Keycloak.
# NOTE(review): placeholder default, password equals the username. Override
# per environment from an encrypted source (e.g. Ansible Vault) and never
# deploy with this value.
keycloak_admin_username: "keycloak-admin"
keycloak_admin_password: "keycloak-admin"

# PostgreSQL backing store for Keycloak.
# NOTE(review): "12" is a floating major tag, so the image can change
# between pulls; pin a minor version or digest for reproducible deployments.
keycloak_postgres_version: "12"
keycloak_postgres_database: "keycloak-postgres"
# NOTE(review): same concern as the Keycloak admin account above; the
# password equals the username and must be overridden from a vault.
keycloak_postgres_admin_username: "keycloak-postgres-admin"
keycloak_postgres_admin_password: "keycloak-postgres-admin"

# Container / router identifiers derived from the service name.
keycloak_id: "{{ service_name }}-keycloak"
keycloak_postgres_id: "{{ service_name }}-postgres-keycloak"

# Traefik labels for the Keycloak container. The inner double quotes are part
# of each value (presumably so the rendered compose file contains quoted
# strings; confirm against the template that consumes this list).
keycloak_labels:
  - '"traefik.enable=true"'
  # Public router: HTTPS on the websecure entrypoint, Let's Encrypt certificate.
  - '"traefik.http.routers.{{ keycloak_id }}.service={{ keycloak_id }}"'
  - '"traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ stage_server_url_host }}`)"'
  - '"traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"'
  - '"traefik.http.routers.{{ keycloak_id }}.tls=true"'
  - '"traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt"'
  - '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"'
  # Monitoring router: same host, admin-system entrypoint, forwarding to the
  # <service_name>-node-exporter service.
  # NOTE(review): confirm the admin-system entrypoint is not reachable from
  # untrusted networks, since it exposes host metrics.
  - '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"'
  - '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"'
  - '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"'
  - '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"'
  - '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"'

# Compose-style description of the stack: networks, volumes and services.
keycloak_docker:
  # Both networks are declared external, i.e. expected to exist already.
  networks:
    - name: back-tier
      external: true
    - name: front-tier
      external: true

  # Named volume holding the PostgreSQL data directory.
  volumes:
    - name: "{{ keycloak_postgres_id }}-data"

  services:
    # Keycloak application container.
    - name: "{{ keycloak_id }}"
      image_name: "jboss/keycloak"
      image_version: "{{ keycloak_version }}"
      # Base labels plus optional caller-supplied keycloak_labels_additional.
      labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}"
      # Each entry is a complete "KEY: value" string, not a mapping.
      # NOTE(review): the credentials are handed to the container as plain
      # environment variables, so they are readable by anyone who can inspect
      # the container or the rendered compose file.
      environment:
        - 'PROXY_ADDRESS_FORWARDING: "true"'
        - 'KEYCLOAK_USER: "{{ keycloak_admin_username }}"'
        - 'KEYCLOAK_PASSWORD: "{{ keycloak_admin_password }}"'
        - 'DB_VENDOR: postgres'
        - 'DB_DATABASE: "{{ keycloak_postgres_database }}"'
        - 'DB_USER: "{{ keycloak_postgres_admin_username }}"'
        - 'DB_PASSWORD: "{{ keycloak_postgres_admin_password }}"'
        - 'DB_ADDR: "{{ keycloak_postgres_id }}"'
        # Turns on Keycloak's "docker" profile feature.
        - 'JAVA_OPTS_APPEND: "-Dkeycloak.profile.feature.docker=enabled"'
      # Theme directories are bind-mounted read-only.
      volumes:
        - '"./eden-theme:/opt/jboss/keycloak/themes/eden-theme:ro"'
        - '"./smardigo-theme:/opt/jboss/keycloak/themes/smardigo-theme:ro"'
      networks:
        - '"back-tier"'
        - '"front-tier"'
      # Publishes the Keycloak port outside of traefik; see the TODO on
      # service_port_keycloak_external at the top of this file.
      ports:
        - external: "{{ service_port_keycloak_external }}"
          internal: "{{ service_port_keycloak }}"
      extra_hosts: "{{ keycloak_extra_hosts | default([]) }}"

    # PostgreSQL container, attached to back-tier only.
    - name: "{{ keycloak_postgres_id }}"
      image_name: "postgres"
      image_version: "{{ keycloak_postgres_version }}"
      environment:
        - 'POSTGRES_DB: "{{ keycloak_postgres_database }}"'
        - 'POSTGRES_USER: "{{ keycloak_postgres_admin_username }}"'
        - 'POSTGRES_PASSWORD: "{{ keycloak_postgres_admin_password }}"'
      volumes:
        - '"{{ keycloak_postgres_id }}-data:/var/lib/postgresql/data"'
      networks:
        - '"back-tier"'
      # No ports are published unless keycloak_postgres_ports is set.
      # NOTE(review): setting it exposes the database port on the host; keep
      # it empty outside of debugging.
      ports: "{{ keycloak_postgres_ports | default([]) }}"