From efbef77a83dec73b5e35341f586acd185b1082bc Mon Sep 17 00:00:00 2001
From: h7x4
Date: Fri, 5 Jun 2026 11:39:17 +0900
Subject: [PATCH] tsuki/kanidm: `serverSettings` -> `server.settings`
---
 hosts/tsuki/services/grafana/default.nix | 2 +-
 hosts/tsuki/services/hedgedoc.nix | 2 +-
 hosts/tsuki/services/kanidm.nix | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/hosts/tsuki/services/grafana/default.nix b/hosts/tsuki/services/grafana/default.nix
index ef25a22..64526b2 100644
--- a/hosts/tsuki/services/grafana/default.nix
+++ b/hosts/tsuki/services/grafana/default.nix
@@ -124,7 +124,7 @@
 };
 "auth.generic_oauth" = let
- authServerUrl = config.services.kanidm.serverSettings.origin;
+ authServerUrl = config.services.kanidm.server.settings.origin;
 in {
 enabled = true;
 name = "KaniDM";
diff --git a/hosts/tsuki/services/hedgedoc.nix b/hosts/tsuki/services/hedgedoc.nix
index 1f2a5ef..33f4604 100644
--- a/hosts/tsuki/services/hedgedoc.nix
+++ b/hosts/tsuki/services/hedgedoc.nix
@@ -42,7 +42,7 @@ in {
 };
 oauth2 = let
- authServerUrl = config.services.kanidm.serverSettings.origin;
+ authServerUrl = config.services.kanidm.server.settings.origin;
 in rec {
 baseURL = "${authServerUrl}/oauth2";
 tokenURL = "${authServerUrl}/oauth2/token";
diff --git a/hosts/tsuki/services/kanidm.nix b/hosts/tsuki/services/kanidm.nix
index 7703e0e..5438800 100644
--- a/hosts/tsuki/services/kanidm.nix
+++ b/hosts/tsuki/services/kanidm.nix
@@ -2,7 +2,7 @@
 cfg = config.services.kanidm;
 in {
 systemd.services.kanidm = let
- certName = config.services.nginx.virtualHosts.${cfg.serverSettings.domain}.useACMEHost;
+ certName = config.services.nginx.virtualHosts.${cfg.server.settings.domain}.useACMEHost;
 in {
 requires = [ "acme-order-renew-${certName}.service" ];
 serviceConfig.LoadCredential = let
@@ -12,18 +12,18 @@ in { "key.pem:${certDir}/key.pem" ]; serviceConfig.BindPaths = [ - cfg.serverSettings.online_backup.path + cfg.server.settings.online_backup.path ]; }; services.kanidm = { package = pkgs.kanidm_1_9; - enableServer = true; # enablePAM = true; - serverSettings = let + server.settings = let credsDir = "/run/credentials/kanidm.service"; in { - origin = "https://${cfg.serverSettings.domain}"; + enable = true; + origin = "https://${cfg.server.settings.domain}"; domain = "auth.nani.wtf"; tls_chain = "${credsDir}/fullchain.pem"; tls_key = "${credsDir}/key.pem";
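Review bot: `enable = true;` is added inside the `server.settings` attrset (right before `origin = ...`), while the removed `enableServer = true;` was a sibling of `serverSettings` directly under `services.kanidm`. If the module exposes the switch as `services.kanidm.server.enable` (which the `serverSettings` -> `server.settings` rename suggests, but this hunk does not show), the flag here is only passed through as a Kanidm config key and the server may no longer be enabled, which would also break the Grafana and HedgeDoc OAuth logins that read `server.settings.origin`. I would move it out of the `let ... in { }` block and write `server.enable = true;` next to `package`, then confirm with a build that the kanidm unit is still generated. The `server.settings` attrset continues past the end of the hunk.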