diff --git a/machines/compute01/kanidm/default.nix b/machines/compute01/kanidm/default.nix
index 2fb70cd..d66c06f 100644
--- a/machines/compute01/kanidm/default.nix
+++ b/machines/compute01/kanidm/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, sources, ... }:
 
 let
   domain = "sso.dgnum.eu";
@@ -18,6 +18,8 @@ in
   services.kanidm = {
     enableServer = true;
 
+    package = (import sources.nixos-unstable { }).kanidm;
+
     serverSettings = {
       inherit domain;
 
@@ -55,6 +57,8 @@ in
               set $origin 'https://${domain}';
           }
 
+          proxy_hide_header Access-Control-Allow-Origin;
+
           if ($request_method = 'OPTIONS') {
               add_header 'Access-Control-Allow-Origin' "$origin" always;
               add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;