feat: use kanidm from nixpkgs-unstable

nix/devShells.nix

@@ -83,7 +83,7 @@
 
       screen
 
-      inputs'.nixpkgs-kanidm.legacyPackages.kanidm
+      inputs'.nixpkgs-unstable.legacyPackages.kanidm
     ];
 
     # Set Environment Variables

nix/os/containers/webserver.nix

@@ -23,6 +23,12 @@ in
       system,
       ...
     }:
+    let
+      nixpkgs-kanidm =
+      # nodeFlake.inputs.nixpkgs-kanidm
+      nodeFlake.inputs.nixpkgs-unstable
+      ;
+    in
     {
       system.stateVersion = "22.05"; # Did you read the comment?
 
@@ -33,7 +39,7 @@ in
 
       imports = [
         "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix"
-        "${repoFlake.inputs.nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix"
+        "${nixpkgs-kanidm}/nixos/modules/services/security/kanidm.nix"
 
         ../profiles/containers/configuration.nix
 
@@ -313,6 +319,7 @@ in
       systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
 
       # combine a path watcher with a service that transfers the certs by caddy to kanidm
+      # TODO: had an issue where the certificate in kanidm was expired, despite caddy having a refreshed certificate
       systemd.paths.kanidm-tls-watch = {
         enable = true;
         requiredBy = [ "kanidm.service" ];
@@ -389,7 +396,7 @@ in
           dataDir = "/var/lib/kanidm";
         in
         {
-          package = repoFlake.inputs.nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm;
+          package = nixpkgs-kanidm.legacyPackages.${pkgs.system}.kanidm;
 
           enablePam = false;
           enableClient = false;
@@ -402,7 +409,6 @@ in
             domain = "kanidm.${domain}";
             origin = "https://kanidm.${domain}";
 
-            db_path = "${dataDir}/db/kanidm.db";
 
             bindaddress = "127.0.0.1:8444";