nixos/keycloak: drop removed proxy option

Reference: https://www.keycloak.org/docs/latest/upgrading/index.html#proxy-option-removed
2024-11-26 00:43:20 +00:00 · 2024-10-04 20:20:46 -04:00 · 2024-10-04 20:20:46 -04:00 · 0cdc3e2a0b
commit 0cdc3e2a0b
parent 16cd47369f
1 changed files with 10 additions and 23 deletions
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@ -351,35 +351,12 @@ in
                for more information about hostname configuration.
              '';
            };
-
-            proxy = mkOption {
-              type = enum [ "edge" "reencrypt" "passthrough" "none" ];
-              default = "none";
-              example = "edge";
-              description = ''
-                The proxy address forwarding mode if the server is
-                behind a reverse proxy.
-
-                - `edge`:
-                  Enables communication through HTTP between the
-                  proxy and Keycloak.
-                - `reencrypt`:
-                  Requires communication through HTTPS between the
-                  proxy and Keycloak.
-                - `passthrough`:
-                  Enables communication through HTTP or HTTPS between
-                  the proxy and Keycloak.
-
-                See <https://www.keycloak.org/server/reverseproxy> for more information.
-              '';
-            };
          };
        };

        example = literalExpression ''
          {
            hostname = "keycloak.example.com";
-            proxy = "reencrypt";
            https-key-store-file = "/path/to/file";
            https-key-store-password = { _secret = "/run/keys/store_password"; };
          }
@ -497,6 +474,16 @@ in
              See [New Hostname options](https://www.keycloak.org/docs/25.0.0/upgrading/#new-hostname-options) for details.
            '';
          }
+          {
+            assertion = cfg.settings.proxy or null == null;
+            message = ''
+              The option `services.keycloak.settings.proxy' has been removed.
+              Set `services.keycloak.settings.proxy-headers` in combination
+              with other hostname options as needed instead.
+              See [Proxy option removed](https://www.keycloak.org/docs/latest/upgrading/index.html#proxy-option-removed)
+              for more information.
+            '';
+          }
        ];

        environment.systemPackages = [ keycloakBuild ];