41 lines
1.1 KiB
Django/Jinja
41 lines
1.1 KiB
Django/Jinja
[Unit]
|
|
Description=Keycloak server
|
|
After=network-online.target
|
|
Wants=network-online.target systemd-networkd-wait-online.service
|
|
|
|
[Service]
|
|
User=keycloak
|
|
Group=keycloak
|
|
ExecStart=/opt/keycloak/current/bin/kc.sh start
|
|
WorkingDirectory=/opt/keycloak/current
|
|
ReadWritePaths=/opt/keycloak/current/conf /opt/keycloak/current/data /opt/keycloak/current/lib/quarkus
|
|
SuccessExitStatus=0 143
|
|
|
|
TimeoutStartSec=600
|
|
TimeoutStopSec=600
|
|
Environment="KC_HTTP_HOST={{ keycloak_http_host}}"
|
|
Environment="KC_HOSTNAME={{ inventory_hostname }}"
|
|
Environment="KC_DB=postgres"
|
|
Environment="KC_DB_USERNAME={{ keycloak_postgresql_username }}"
|
|
Environment="KC_DB_PASSWORD={{ keycloak_postgresql_password }}"
|
|
Environment="KC_DB_URL_DATABASE={{ keycloak_postgresql_database }}"
|
|
Environment="KC_DB_URL_HOST=localhost"
|
|
Environment="KC_PROXY=edge"
|
|
Environment="KC_HTTP_RELATIVE_PATH=auth"
|
|
|
|
# Hardening options
|
|
CapabilityBoundingSet=
|
|
AmbientCapabilities=
|
|
NoNewPrivileges=true
|
|
ProtectHome=true
|
|
ProtectSystem=strict
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
LockPersonality=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|