From ba41e8f8044996ad55325ee4d667c554b71be819 Mon Sep 17 00:00:00 2001
From: Danilo Reyes <danilo.reyes.251@proton.me>
Date: Wed, 10 Dec 2025 02:33:31 -0600
Subject: [PATCH] Update Keycloak configuration to use new password secret and
 modify proxy settings

---
 modules/servers/keycloak.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/servers/keycloak.nix b/modules/servers/keycloak.nix
index 70a4758..8f4af18 100644
--- a/modules/servers/keycloak.nix
+++ b/modules/servers/keycloak.nix
@@ -29,7 +29,7 @@ in
         createLocally = false;
         username = "keycloak";
         name = "keycloak";
-        passwordFile = config.sops.secrets."keycloak/db_password".path;
+        passwordFile = config.sops.secrets.postgres-password.path;
       };
       settings = {
         hostname = cfg.host;
@@ -37,7 +37,7 @@ in
         hostname-strict-https = false;
         http-enabled = true;
         http-port = cfg.port;
-        proxy = "edge";
+        proxy-headers = "xforwarded";
       };
     };
     systemd.services.keycloak.serviceConfig.EnvironmentFile = config.sops.secrets.keycloak.path;