From f15f20aad7109deb65a3201efd3a018d8a253a2c Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Tue, 18 Mar 2025 19:42:43 +0100
Subject: [PATCH] nixos/kanidm: add extraJsonFile to BindReadOnlyPaths if set

---
 nixos/modules/services/security/kanidm.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index 5853940e6758..3adc7f0bb0be 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -51,6 +51,7 @@ let
       cfg.provision.idmAdminPasswordFile
       cfg.provision.adminPasswordFile
     ]
+    ++ optional (cfg.provision.extraJsonFile != null) cfg.provision.extraJsonFile
     ++ mapAttrsToList (_: x: x.basicSecretFile) cfg.provision.systems.oauth2
   );
   secretDirectories = unique (