diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
index 994a4d1..e117d42 100644
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@@ -103,6 +103,7 @@ packages = with pkgs; [
 # tools I use when editing nix code
+ kanidm
 nil
 alejandra
 gnupg
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 62c9a22..7278486 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -927,6 +927,42 @@ root
 ];
+ services.kanidm = {
+ enableClient = true;
+ enablePam = true;
+ package = pkgs.kanidm;
+
+ clientSettings.uri = "https://idm.h.lyte.dev";
+ unixSettings = {
+ # hsm_pin_path = "/somewhere/else";
+ pam_allowed_login_groups = [];
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /etc/kanidm 1755 nobody users -"
+ ];
+
+ # module has the incorrect file permissions out of the box
+ environment.etc = {
+ # "kanidm" = {
+ # enable = true;
+ # user = "nobody";
+ # group = "users";
+ # mode = "0755";
+ # };
+ "kanidm/unixd" = {
+ user = "kanidm-unixd";
+ group = "kanidm-unixd";
+ mode = "0700";
+ };
+ "kanidm/config" = {
+ user = "nobody";
+ group = "users";
+ mode = "0755";
+ };
+ };
+
 programs.gnupg.agent = {
 enable = true;
 pinentryPackage = lib.mkDefault pkgs.pinentry-tty;
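Review bot: The client configuration that unixd/PAM rely on is left writable by a shared unprivileged account: the tmpfiles rule creates `/etc/kanidm` as `1755 nobody users` and the `kanidm/config` entry sets `user = "nobody"`, so any process running as `nobody` can replace the file carrying `clientSettings.uri` and redirect authentication, and the executable bit in `mode = "0755"` on a config file serves no purpose. Root should own both while the file stays readable by the daemon: `"d /etc/kanidm 0755 root root -"` and, for `kanidm/config`, `user = "root"; group = "root"; mode = "0644";`. The comment `# module has the incorrect file permissions out of the box` does not say which permission was wrong, so a later reader cannot tell when the override can be dropped; naming it there would help. Separately, `pam_allowed_login_groups = []` together with `enablePam = true` appears to permit no Kanidm group to log in through PAM — if that is intentional for now, a short comment saying so would prevent it being read as a mistake. The enclosing `programs.gnupg.agent` attribute set continues past the end of the hunk.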