fix(kanidm): Revert switch to simpleProxies

As we proxy to an https endpoint, this was not supported

machines/compute01/kanidm/default.nix

@@ -8,9 +8,8 @@
 let
   inherit (lib) escapeRegex concatStringsSep;
 
-  host = "sso.dgnum.eu";
+  domain = "sso.dgnum.eu";
   port = 8443;
-  domain = host;
 
   cert = config.security.acme.certs.${domain};
 
@@ -41,7 +40,7 @@ in
 
       origin = "https://${domain}";
 
-      bindaddress = "127.0.0.1:8443";
+      bindaddress = "127.0.0.1:${builtins.toString port}";
       ldapbindaddress = "0.0.0.0:636";
 
       trust_x_forward_for = true;
@@ -53,9 +52,18 @@ in
 
   users.users.kanidm.extraGroups = [ cert.group ];
 
-  dgn-web.simpleProxies.kanidm = {
+  dgn-web.internalPorts.kanidm = port;
-    inherit host port;
+
-    vhostConfig.locations."/".extraConfig = ''
+  services.nginx = {
+    enable = true;
+
+    virtualHosts.${domain} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "https://127.0.0.1:${builtins.toString port}";
+
+        extraConfig = ''
           if ( $request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|PATCH|DELETE)$ ) {
               return 444;
           }
@@ -88,6 +96,8 @@ in
           }
         '';
       };
+    };
+  };
 
   networking.firewall.allowedTCPPorts = [ 636 ];
   networking.firewall.allowedUDPPorts = [ 636 ];