Migrate Keycloak to Podman

manage.py

@@ -124,6 +124,9 @@ def pullProj(project):
     pulledImages = []
     for image in images:
         currentId = getImageId(image)
+        if re.search('^localhost/', image):
+            runPodman("compose", ["-f", f"projects/{project}/compose.yaml.rendered", "build", "--pull"])
+        else:
             runPodman("pull", image)
         pulledId = getImageId(image)
         if currentId != pulledId:

projects/keycloak/.env.mako

@@ -0,0 +1,12 @@
+QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY=true
+
+#KEYCLOAK_ADMIN=
+#KEYCLOAK_ADMIN_PASSWORD=
+
+KC_DB_URL_HOST=postgres.${env['domain']}
+KC_DB_URL_DATABASE=keycloak
+KC_DB_USERNAME=${secrets['postgres']['keycloak']['user']}
+KC_DB_PASSWORD='${secrets["postgres"]["keycloak"]["pass"]}'
+
+KC_PROXY_HEADERS=xforwarded
+KC_HOSTNAME=https://kc.${env['domain']}

projects/keycloak/Dockerfile

@@ -0,0 +1,15 @@
+FROM quay.io/keycloak/keycloak:25.0 as builder
+
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+
+FROM quay.io/keycloak/keycloak:25.0
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized"]

projects/keycloak/compose.yaml.mako

@@ -0,0 +1,11 @@
+services:
+  keycloak:
+    container_name: keycloak
+    build: .
+    image: localhost/keycloak:latest
+    network_mode: pasta:-a,${env['pasta']['keycloak']['ipv4']},-a,${env['pasta']['keycloak']['ipv6']}
+    restart: always
+    user: ${env['users']['keycloak']}:${env['users']['keycloak']}
+    env_file: .env.rendered
+    ports:
+      - 127.0.0.1:${env['ports']['keycloak']}:8443

pyenv.yml

@@ -64,6 +64,9 @@ pasta:
   hedgedoc:
     ipv4: 10.86.8.1
     ipv6: fc86::8
+  keycloak:
+    ipv4: 10.86.11.1
+    ipv6: fc86::11
   mailserver:
     ipv4: 10.86.13.1
     ipv6: fc86::13