From c05c4995abab6fd8e5eaab861b8d14febf76a3b8 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 21 Apr 2022 16:36:04 +0200
Subject: chore(3p/sources): Bump channels and overlays

Changes:

* updated keycloak configuration for new version
* migrate to emacs28 outside of //users, re-add emacs27 but with a
  warning attached urging people to migrate

Change-Id: I3e5765a63934541f72f6c4a8673d3b4671850c93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5501
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: wpcarro <wpcarro@gmail.com>
---
 ops/machines/whitby/default.nix | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

(limited to 'ops')

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 3fc708e690..5de8481878 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -604,25 +604,18 @@ in
   services.keycloak = {
     enable = true;
     httpPort = "5925"; # "kycl"
-    frontendUrl = "https://auth.tvl.fyi/auth/";
+
+    settings = {
+      hostname = "auth.tvl.fyi";
+      http-relative-path = "/auth";
+      proxy = "edge";
+    };
 
     database = {
       type = "postgresql";
       passwordFile = "/run/agenix/keycloak-db";
       createLocally = false;
     };
-
-    # Configure Keycloak to look at forwarded headers from the reverse
-    # proxy.
-    extraConfig = {
-      "subsystem=undertow" = {
-        "server=default-server" = {
-          "http-listener=default" = {
-            proxy-address-forwarding = "true";
-          };
-        };
-      };
-    };
   };
 
   # Allow Keycloak access to the LDAP module by forcing in the JVM
-- 
cgit 1.4.1