From 463342133e28ad26e79fbb0fce37083f1bcae36d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sun, 8 Feb 2026 03:34:12 +0100 Subject: [PATCH] kanidm: remove non-functional metrics scrape target Kanidm does not expose a Prometheus /metrics endpoint. The scrape target was causing 404 errors after the TLS certificate issue was fixed. Also add SSH command restriction to CLAUDE.md. Co-Authored-By: Claude Opus 4.5 --- CLAUDE.md | 4 ++++ services/kanidm/default.nix | 17 +++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 511e4eb..3c8641c 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -35,6 +35,10 @@ nix build .#create-host Do not automatically deploy changes. Deployments are usually done by updating the master branch, and then triggering the auto update on the specific host. +### SSH Commands + +Do not run SSH commands directly. If a command needs to be run on a remote host, provide the command to the user and ask them to run it manually. + ### Testing Feature Branches on Hosts All hosts have the `nixos-rebuild-test` helper script for testing feature branches before merging: diff --git a/services/kanidm/default.nix b/services/kanidm/default.nix index 69a57d1..c245079 100644 --- a/services/kanidm/default.nix +++ b/services/kanidm/default.nix @@ -55,12 +55,13 @@ group = "kanidm"; }; - # Monitoring scrape target - homelab.monitoring.scrapeTargets = [ - { - job_name = "kanidm"; - port = 443; - scheme = "https"; - } - ]; + # Note: Kanidm does not expose Prometheus metrics + # If metrics support is added in the future, uncomment: + # homelab.monitoring.scrapeTargets = [ + # { + # job_name = "kanidm"; + # port = 443; + # scheme = "https"; + # } + # ]; }