keycloak_admin_hash: "{{ vault.docker.keycloak.admin.hash }}"

keycloak_realms: "{{ keycloak_config.realms }}"

keycloak_config:
  database:
    db_name: keycloak
    username: keycloak
    password: "{{ vault.docker.keycloak.database.password }}"
  realms:
    - realm: homelab
      display_name: "Homelab Realm"
      users:
        - username: tudattr
          password: "{{ vault.docker.keycloak.user.password }}"
          realm_roles:
            - offline_access
            - uma_authorization
          client_roles:
            account:
              - view-profile
              - manage-account
      admin:
        username: "serviceadmin-{{ keycloak_admin_hash }}"
        password: "{{ vault.docker.keycloak.admin.password }}"
        realm_roles:
          - offline_access
          - uma_authorization
          - admin
        client_roles:
          realm_management:
            - realm-admin
          account:
            - view-profile
            - manage-account
      roles:
        realm:
          - name: admin
            description: "Administrator role for the homelab realm"
        default_roles:
          - offline_access
          - uma_authorization
    - realm: master
      display_name: "master"
      admin:
        username: "serviceadmin-{{ keycloak_admin_hash }}"
        password: "{{ vault.docker.keycloak.admin.password }}"
        realm_roles:
          - offline_access
          - uma_authorization
          - create-realm
          - admin
        client_roles:
          realm_management:
            - realm-admin
          account:
            - view-profile
            - manage-account
      roles:
        realm: []
        default_roles: []