From e223885972a593bd75ae7a2cefbf1e8314e3e1c8 Mon Sep 17 00:00:00 2001
From: Max
Date: Mon, 30 May 2022 22:00:21 +0200
Subject: [PATCH] services/sso: modify config for 22.05

---
 hosts/VEGAS/services/sso/default.nix | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/hosts/VEGAS/services/sso/default.nix b/hosts/VEGAS/services/sso/default.nix
index 4bb8417..dc3032e 100644
--- a/hosts/VEGAS/services/sso/default.nix
+++ b/hosts/VEGAS/services/sso/default.nix
@@ -17,29 +17,25 @@ in
 mode = "0400";
 };
 services.nginx.virtualHosts = {
- "${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${config.portsStr.keycloak}") {
+ "${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.settings.http-host}:${config.portsStr.keycloak}") {
 locations."= /".return = "302 /auth/realms/master/account/";
 };
 "account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
 };
 services.keycloak = {
 enable = true;
- frontendUrl = "https://${login}/auth";
- bindAddress = "127.0.0.1";
- httpPort = config.portsStr.keycloak;
 database = {
 createLocally = true;
 type = "postgresql";
 passwordFile = config.age.secrets.keycloak-dbpass.path;
 };
- extraConfig = {
- "subsystem=undertow" = {
- "server=default-server" = {
- "http-listener=default" = {
- proxy-address-forwarding = true;
- };
- };
- };
+ settings = {
+ http-host = "127.0.0.1";
+ http-port = config.ports.keycloak;
+ hostname = login;
+ proxy = "edge";
+ # for backcompat, TODO: remove
+ http-relative-path = "/auth";
 };
 };
 }
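Review bot: `proxy = "edge"` in the new `settings` block makes Keycloak trust X-Forwarded-* headers from whatever connects to its HTTP listener, so it is only safe while `http-host` stays on loopback, and nothing in the file records that coupling. I would add a comment above it, e.g. `# proxy = "edge" trusts X-Forwarded-*; keep http-host on loopback so only nginx can reach the listener`. `vhosts.proxy` is defined outside the hunk, so it is worth confirming that it sets those headers itself rather than passing client-supplied values through. The `TODO: remove` on `http-relative-path` should also say that the two hard-coded `/auth/realms/master/account/` targets in the nginx vhosts have to change together with it.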