diff --git a/modules/nixos/kanidm/client.toml b/modules/nixos/kanidm/client.toml
deleted file mode 100644
index 1ea48a5..0000000
--- a/modules/nixos/kanidm/client.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-uri = "https://idm.foxtrot.hare-cod.ts.net:8443"
-ca_path = "/tmp/cert.pem"
diff --git a/modules/nixos/kanidm/kanidm.db b/modules/nixos/kanidm/kanidm.db
deleted file mode 100644
index 2a0e7c7..0000000
Binary files a/modules/nixos/kanidm/kanidm.db and /dev/null differ
diff --git a/modules/nixos/kanidm/server.toml b/modules/nixos/kanidm/server.toml
deleted file mode 100644
index 3e35d9e..0000000
--- a/modules/nixos/kanidm/server.toml
+++ /dev/null
@@ -1,10 +0,0 @@
-bindaddress = "[::]:8443"
-db_path = "/home/daniel/code/nix/modules/nixos/kanidm/kanidm.db"
-tls_chain = "/tmp/cert.pem"
-tls_key = "/tmp/key.pem"
-domain = "idm.foxtrot.hare-cod.ts.net"
-origin = "https://idm.foxtrot.hare-cod.ts.net:8443"
-
-[online_backup]
-path = "/tmp/kanidm/backups/"
-schedule = "00 22 * * *"
diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 0f520ed..9c8b3cd 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -447,7 +447,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 users.groups.daniel.members = ["daniel"];
 users.groups.nixadmin.members = ["daniel"];
 users.users.daniel = {
- packages = [pkgs.weechat];
 extraGroups = [
 "nixadmin" # write access to /etc/nixos/ files
 "wheel" # sudo access
@@ -778,6 +777,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
 gitMinimal
 gnused
 nodejs
+ gnutar # needed for cache action
 wget
 ];
 };
@@ -1008,19 +1008,27 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 serverSettings = { bindaddress = "[::]:8443"; - db_path = "/storage/kanidm/data/kanidm.db"; + # ldapbindaddress # TODO: these will need permissions? tls_chain = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.crt"; tls_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/idm.h.lyte.dev.key"; - domain = "idm.foxtrot.hare-cod.ts.net"; - origin = "https://idm.h.lyte.dev:8443"; + domain = "idm.h.lyte.dev"; + origin = "https://idm.h.lyte.dev"; + # log_level online_backup = { path = "/storage/kanidm/backups/"; schedule = "00 22 * * *"; + # versions = 7; }; }; + unixSettings = { + uri = "https://idm.h.lyte.dev"; + pam_allowed_login_groups = []; + # ca_path = "/path/to/ca.pem"; + }; + clientSettings = { uri = "https://idm.h.lyte.dev"; # ca_path = "/tmp/cert.pem"; diff --git a/safe-remote-upgrade.bash b/safe-remote-upgrade.bash index d620fe6..530ca3d 100755 --- a/safe-remote-upgrade.bash +++ b/safe-remote-upgrade.bash @@ -30,9 +30,9 @@ git add -A ssh "root@$target_host" "bash -c ' set -m - # sleep 5 mins + # sleep 15 mins echo \"Starting background reboot job...\" - (sleep 300; reboot;) & + (sleep 900; reboot;) & jobs -p disown '" &
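Review bot: The `tls_key` path in `serverSettings` points into Caddy's private certificate store while the `# TODO: these will need permissions?` above it is left open, so how the kanidm service gets to read that key is undecided in this commit. Settle it with a narrow read-only grant on the `.crt`/`.key` pair rather than by loosening `/var/lib/caddy`, and replace the TODO with a comment such as `# kanidm reads Caddy's ACME cert/key via <access mechanism>; restart kanidm after renewal`. `origin` drops `:8443` while `bindaddress` stays `[::]:8443`, so presumably a proxy fronts the service on 443 and the backend port is still reachable on every interface unless a firewall rule outside this hunk closes it; the enclosing kanidm block starts and ends outside the hunk. `pam_allowed_login_groups = []` should carry a one-line comment saying whether the empty list is intentional. The `kanidm.db` deleted in this commit remains in git history, so any credentials it held should be treated as exposed and rotated.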
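Review bot: The reboot delay now lives in two places, the `# sleep 15 mins` comment and the literal in `(sleep 900; reboot;) &`, which have to be kept in sync by hand on each change. A named value set once near the top of the script, e.g. `reboot_delay_secs=900`, and used as `(sleep $reboot_delay_secs; reboot;) &` would remove that; the remote command sits inside a double-quoted string, so the variable expands locally before ssh runs. A comment saying why 15 minutes is enough for the upgrade to finish and for the job to be cancelled would also help, since a timer that fires too early reboots the host mid-upgrade. The script continues outside the hunk.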