ansible-role-keycloak/templates/keycloak.service.j2

[Unit]
Description=Keycloak server
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/current/bin/kc.sh start
WorkingDirectory=/opt/keycloak/current
ReadWritePaths=/opt/keycloak/current/conf /opt/keycloak/current/data /opt/keycloak/current/lib/quarkus
SuccessExitStatus=0 143

TimeoutStartSec=600
TimeoutStopSec=600
Environment="KC_HTTP_HOST={{ keycloak_http_host}}"
Environment="KC_HOSTNAME={{ inventory_hostname }}"
Environment="KC_DB=postgres"
Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}"
Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}"
Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}"
Environment="KC_DB_URL_HOST=localhost"
Environment="KC_PROXY=edge"
Environment="KC_HTTP_RELATIVE_PATH=auth"

# Hardening options
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=strict
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateTmp=true
PrivateDevices=true
LockPersonality=true

[Install]
WantedBy=multi-user.target
Revert "updated version" This reverts commit 60a946d54d386111828250002b48d69fa8c6cbcc. 2025-01-17 18:40:56 +01:00			`[Unit]`
			`Description=Keycloak server`
			`After=network-online.target`
			`Wants=network-online.target systemd-networkd-wait-online.service`

			`[Service]`
			`User=keycloak`
			`Group=keycloak`
			`ExecStart=/opt/keycloak/current/bin/kc.sh start`
			`WorkingDirectory=/opt/keycloak/current`
			`ReadWritePaths=/opt/keycloak/current/conf /opt/keycloak/current/data /opt/keycloak/current/lib/quarkus`
			`SuccessExitStatus=0 143`

			`TimeoutStartSec=600`
			`TimeoutStopSec=600`
			`Environment="KC_HTTP_HOST={{ keycloak_http_host}}"`
			`Environment="KC_HOSTNAME={{ inventory_hostname }}"`
			`Environment="KC_DB=postgres"`
			`Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}"`
			`Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}"`
			`Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}"`
			`Environment="KC_DB_URL_HOST=localhost"`
			`Environment="KC_PROXY=edge"`
			`Environment="KC_HTTP_RELATIVE_PATH=auth"`

			`# Hardening options`
			`CapabilityBoundingSet=`
			`AmbientCapabilities=`
			`NoNewPrivileges=true`
			`ProtectHome=true`
			`ProtectSystem=strict`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectControlGroups=true`
			`PrivateTmp=true`
			`PrivateDevices=true`
			`LockPersonality=true`

			`[Install]`
			`WantedBy=multi-user.target`