about summary refs log tree commit diff
path: root/ops/machines
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-04-21T14·36+0200
committerclbot <clbot@tvl.fyi>2022-04-21T16·54+0000
commitc05c4995abab6fd8e5eaab861b8d14febf76a3b8 (patch)
treeb854b96bdff1b0647170d5d1abd6e8c9d8fef1e7 /ops/machines
parent95cfd6630b55a8a57bccf7a82a067d5154e98b37 (diff)
chore(3p/sources): Bump channels and overlays r/3986
Changes:

* updated keycloak configuration for new version
* migrate to emacs28 outside of //users, re-add emacs27 but with a
  warning attached urging people to migrate

Change-Id: I3e5765a63934541f72f6c4a8673d3b4671850c93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5501
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Diffstat (limited to 'ops/machines')
-rw-r--r--ops/machines/whitby/default.nix19
1 files changed, 6 insertions, 13 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 3fc708e690d1..5de8481878bf 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -604,25 +604,18 @@ in
   services.keycloak = {
     enable = true;
     httpPort = "5925"; # "kycl"
-    frontendUrl = "https://auth.tvl.fyi/auth/";
+
+    settings = {
+      hostname = "auth.tvl.fyi";
+      http-relative-path = "/auth";
+      proxy = "edge";
+    };
 
     database = {
       type = "postgresql";
       passwordFile = "/run/agenix/keycloak-db";
       createLocally = false;
     };
-
-    # Configure Keycloak to look at forwarded headers from the reverse
-    # proxy.
-    extraConfig = {
-      "subsystem=undertow" = {
-        "server=default-server" = {
-          "http-listener=default" = {
-            proxy-address-forwarding = "true";
-          };
-        };
-      };
-    };
   };
 
   # Allow Keycloak access to the LDAP module by forcing in the JVM