From a990c96eb130268b8d8376cf7da14711f89b429a Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Mon, 15 Jul 2024 01:39:25 +0200
Subject: [PATCH] Upgrade to Keycloak 25 and move to new config options

https://www.keycloak.org/docs/latest/upgrading/index.html#new-hostname-options
https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
---
 .../chaosknoten/configs/keycloak/compose.yaml.j2    | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2 b/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2
index 2e0bdc3..78eb438 100644
--- a/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2
+++ b/playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2
@@ -25,14 +25,14 @@ services:
     build:
       context: .
       dockerfile_inline: |
-        FROM quay.io/keycloak/keycloak:24.0 as builder
+        FROM quay.io/keycloak/keycloak:25.0 as builder
 
         ENV KC_DB=postgres
 
         WORKDIR /opt/keycloak
         RUN /opt/keycloak/bin/kc.sh build
 
-        FROM quay.io/keycloak/keycloak:24.0
+        FROM quay.io/keycloak/keycloak:25.0
         COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
         # Runtime options set in compose directly.
@@ -51,10 +51,11 @@ services:
       KC_DB_URL_HOST: db
       KC_DB_USERNAME: keycloak
       KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
-      KC_HOSTNAME: id.hamburg.ccc.de
-      KC_HOSTNAME_STRICT_BACKCHANNEL: true
-      KC_HOSTNAME_ADMIN: keycloak-admin.hamburg.ccc.de
-      KC_PROXY: edge
+      KC_HOSTNAME: https://id.hamburg.ccc.de
+      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
+      KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
+      KC_PROXY_HEADERS: xforwarded
+      KC_HTTP_ENABLED: true
     ports:
       - "8080:8080"