kanidm: fix secret file permissions for provisioning

Set owner/group to kanidm so the post-start provisioning script can read the idm_admin password. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 00:24:41 +01:00
parent d99c82c74c
commit 538c2ad097
1 changed files with 2 additions and 0 deletions
--- a/services/kanidm/default.nix
+++ b/services/kanidm/default.nix
@@ -49,6 +49,8 @@
    secretPath = "kanidm/idm-admin-password";
    extractKey = "password";
    services = [ "kanidm" ];
+    owner = "kanidm";
+    group = "kanidm";
  };

  # Monitoring scrape target