Diffstat (limited to 'nixos/modules/services/web-apps/keycloak.xml')
-rw-r--r--nixos/modules/services/web-apps/keycloak.xml37
1 files changed, 19 insertions, 18 deletions
diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml
index ca5e223eee467..7ba656c20f166 100644
--- a/nixos/modules/services/web-apps/keycloak.xml
+++ b/nixos/modules/services/web-apps/keycloak.xml
@@ -41,31 +41,31 @@
        <productname>PostgreSQL</productname> or
        <productname>MySQL</productname>. Which one is used can be
        configured in <xref
-       linkend="opt-services.keycloak.databaseType" />. The selected
+       linkend="opt-services.keycloak.database.type" />. The selected
        database will automatically be enabled and a database and role
        created unless <xref
-       linkend="opt-services.keycloak.databaseHost" /> is changed from
+       linkend="opt-services.keycloak.database.host" /> is changed from
        its default of <literal>localhost</literal> or <xref
-       linkend="opt-services.keycloak.databaseCreateLocally" /> is set
+       linkend="opt-services.keycloak.database.createLocally" /> is set
        to <literal>false</literal>.
      </para>
 
      <para>
        External database access can also be configured by setting
-       <xref linkend="opt-services.keycloak.databaseHost" />, <xref
-       linkend="opt-services.keycloak.databaseUsername" />, <xref
-       linkend="opt-services.keycloak.databaseUseSSL" /> and <xref
-       linkend="opt-services.keycloak.databaseCaCert" /> as
+       <xref linkend="opt-services.keycloak.database.host" />, <xref
+       linkend="opt-services.keycloak.database.username" />, <xref
+       linkend="opt-services.keycloak.database.useSSL" /> and <xref
+       linkend="opt-services.keycloak.database.caCert" /> as
        appropriate. Note that you need to manually create a database
        called <literal>keycloak</literal> and allow the configured
        database user full access to it.
      </para>
 
      <para>
-       <xref linkend="opt-services.keycloak.databasePasswordFile" />
+       <xref linkend="opt-services.keycloak.database.passwordFile" />
        must be set to the path to a file containing the password used
-       to log in to the database. If <xref linkend="opt-services.keycloak.databaseHost" />
-       and <xref linkend="opt-services.keycloak.databaseCreateLocally" />
+       to log in to the database. If <xref linkend="opt-services.keycloak.database.host" />
+       and <xref linkend="opt-services.keycloak.database.createLocally" />
        are kept at their defaults, the database role
        <literal>keycloak</literal> with that password is provisioned
        on the local database instance.
@@ -115,17 +115,17 @@
      </para>
 
      <para>
-       For HTTPS support, a TLS certificate and private key is
-       required. They should be <link
+       HTTPS support requires a TLS/SSL certificate and a private key,
+       both <link
        xlink:href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM
-       formatted</link> and concatenated into a single file. The path
-       to this file should be configured in
-       <xref linkend="opt-services.keycloak.certificatePrivateKeyBundle" />.
+       formatted</link>. Their paths should be set through <xref
+       linkend="opt-services.keycloak.sslCertificate" /> and <xref
+       linkend="opt-services.keycloak.sslCertificateKey" />.
      </para>
 
      <warning>
        <para>
-         The path should be provided as a string, not a Nix path,
+         The paths should be provided as a strings, not a Nix paths,
          since Nix paths are copied into the world readable Nix store.
        </para>
      </warning>
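Review bot: The reworded warning line reads "as a strings, not a Nix paths": the singular articles were kept when the nouns were pluralised. It should read `The paths should be provided as strings, not Nix paths,`. Because this warning is what keeps the private key out of the world-readable Nix store, it may also be worth naming `sslCertificateKey` explicitly, so readers see which of the two paths is sensitive. The hyphenation "world-readable" on the following context line could be fixed in the same pass.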
@@ -195,8 +195,9 @@ services.keycloak = {
   <link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl";  # change on first login
   <link linkend="opt-services.keycloak.frontendUrl">frontendUrl</link> = "https://keycloak.example.com/auth";
   <link linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl">forceBackendUrlToFrontendUrl</link> = true;
-  <link linkend="opt-services.keycloak.certificatePrivateKeyBundle">certificatePrivateKeyBundle</link> = "/run/keys/ssl_cert";
-  <link linkend="opt-services.keycloak.databasePasswordFile">databasePasswordFile</link> = "/run/keys/db_password";
+  <link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert";
+  <link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key";
+  <link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password";
 };
 </programlisting>
      </para>