diff --git a/machines/vault01/k-radius/module.nix b/machines/vault01/k-radius/module.nix
index fa38934..70173c1 100644
--- a/machines/vault01/k-radius/module.nix
+++ b/machines/vault01/k-radius/module.nix
@@ -15,8 +15,7 @@ let
 
   settingsFormat = pkgs.formats.toml { };
 
-  py-pkgs = import ./packages/python { inherit pkgs; };
-  pykanidm = pkgs.callPackage ./packages/pykanidm.nix { inherit (py-pkgs) pydantic; };
+  pykanidm = pkgs.python3.pkgs.callPackage ./packages/pykanidm.nix { };
   rlm_python = pkgs.callPackage ./packages/rlm_python.nix { inherit pykanidm; };
 
   cfg = config.services.k-radius;
diff --git a/machines/vault01/k-radius/packages/python_path.patch b/machines/vault01/k-radius/packages/01-python_path.patch
similarity index 68%
rename from machines/vault01/k-radius/packages/python_path.patch
rename to machines/vault01/k-radius/packages/01-python_path.patch
index 876fb16..6c35e8a 100644
--- a/machines/vault01/k-radius/packages/python_path.patch
+++ b/machines/vault01/k-radius/packages/01-python_path.patch
@@ -1,13 +1,13 @@
-diff --git a/rlm_python/mods-available/python3 b/rlm_python/mods-available/python3
+diff --git a/mods-available/python3 b/mods-available/python3
 index 978536f8a..90c71fca0 100644
---- a/rlm_python/mods-available/python3
-+++ b/rlm_python/mods-available/python3
+--- a/mods-available/python3
++++ b/mods-available/python3
 @@ -13,7 +13,7 @@ python3 {
  	#  item is GLOBAL TO THE SERVER.  That is, you cannot have two
  	#  instances of the python module, each with a different path.
  	#
 -	python_path="/usr/lib64/python3.8:/usr/lib/python3.8:/usr/lib/python3.8/site-packages:/usr/lib64/python3.8/site-packages:/usr/lib64/python3.8/lib-dynload:/usr/local/lib/python3.8/site-packages:/etc/raddb/mods-config/python3/"
-+	python_path="@kanidm_python@:/etc/raddb/mods-config/python3/"
++	python_path="@pythonPath@:/etc/raddb/mods-config/python3/"
  
  	module = "kanidm.radius"
  	# python_path = ${modconfdir}/${.:name}
diff --git a/machines/vault01/k-radius/packages/pykanidm.nix b/machines/vault01/k-radius/packages/pykanidm.nix
index 87e6fda..f49d8b2 100644
--- a/machines/vault01/k-radius/packages/pykanidm.nix
+++ b/machines/vault01/k-radius/packages/pykanidm.nix
@@ -1,52 +1,43 @@
 {
   lib,
+  buildPythonPackage,
   fetchFromGitHub,
-  python3,
+  poetry-core,
+  aiohttp,
+  authlib,
   pydantic,
+  toml,
 }:
 
-let
+buildPythonPackage rec {
   pname = "kanidm";
-  version = "0.0.3";
-in
-python3.pkgs.buildPythonPackage {
-  inherit pname version;
-  format = "pyproject";
+  version = "1.1.0-rc.16";
+  pyproject = true;
 
-  disabled = python3.pythonOlder "3.8";
+  src = fetchFromGitHub {
+    owner = "kanidm";
+    repo = "kanidm";
+    rev = "v${version}";
+    hash = "sha256-NH9V5KKI9LAtJ2/WuWtUJUzkjVMfO7Q5NQkK7Ys2olU=";
+  };
 
-  src =
-    (fetchFromGitHub {
-      owner = pname;
-      repo = pname;
-      # Latest 1.1.0-rc.15 tip
-      rev = "a5ca8018e3a636dbb0a79b3fd869db059d92979d";
-      hash = "sha256-PFGoeGn7a/lVR6rOmOKA3ydAoo3/+9RlkwBAKS22Psg=";
-    })
-    + "/pykanidm";
+  sourceRoot = "source/pykanidm";
 
-  nativeBuildInputs = with python3.pkgs; [ poetry-core ];
+  build-system = [ poetry-core ];
 
-  propagatedBuildInputs = with python3.pkgs; [
+  dependencies = [
     aiohttp
+    authlib
     pydantic
     toml
-    (authlib.overridePythonAttrs (_: {
-      doCheck = false;
-    }))
   ];
 
-  doCheck = false;
-
   pythonImportsCheck = [ "kanidm" ];
 
   meta = with lib; {
-    description = "Kanidm client library";
-    homepage = "https://github.com/kanidm/kanidm/tree/master/pykanidm";
+    description = "Kanidm: A simple, secure and fast identity management platform";
+    homepage = "https://github.com/kanidm/kanidm";
     license = licenses.mpl20;
-    maintainers = with maintainers; [
-      arianvp
-      hexa
-    ];
+    maintainers = with maintainers; [ thubrecht ];
   };
 }
diff --git a/machines/vault01/k-radius/packages/python/01-remove-benchmark-flags.patch b/machines/vault01/k-radius/packages/python/01-remove-benchmark-flags.patch
deleted file mode 100644
index a5c27e4..0000000
--- a/machines/vault01/k-radius/packages/python/01-remove-benchmark-flags.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/pyproject.toml b/pyproject.toml
-index 1602e32..507048d 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -72,13 +72,6 @@ filterwarnings = [
- ]
- timeout = 30
- xfail_strict = true
--# min, max, mean, stddev, median, iqr, outliers, ops, rounds, iterations
--addopts = [
--    '--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations',
--    '--benchmark-group-by', 'group',
--    '--benchmark-warmup', 'on',
--    '--benchmark-disable',  # this is enable by `make benchmark` when you actually want to run benchmarks
--]
- 
- [tool.coverage.run]
- source = ['pydantic_core']
diff --git a/machines/vault01/k-radius/packages/python/default.nix b/machines/vault01/k-radius/packages/python/default.nix
deleted file mode 100644
index 968cd4b..0000000
--- a/machines/vault01/k-radius/packages/python/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs }:
-
-let
-  inherit (pkgs) lib;
-
-  callPackage = lib.callPackageWith (pkgs // pkgs.python3.pkgs // self);
-
-  self = builtins.listToAttrs (
-    builtins.map
-      (name: {
-        inherit name;
-        value = callPackage (./. + "/${name}.nix") { };
-      })
-      [
-        "pydantic"
-        "pydantic-core"
-      ]
-  );
-in
-self
diff --git a/machines/vault01/k-radius/packages/python/pydantic-core.nix b/machines/vault01/k-radius/packages/python/pydantic-core.nix
deleted file mode 100644
index 87d8ace..0000000
--- a/machines/vault01/k-radius/packages/python/pydantic-core.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{
-  stdenv,
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  cargo,
-  rustPlatform,
-  rustc,
-  libiconv,
-  typing-extensions,
-  pytestCheckHook,
-  hypothesis,
-  pytest-timeout,
-  pytest-mock,
-  dirty-equals,
-}:
-
-let
-  pydantic-core = buildPythonPackage rec {
-    pname = "pydantic-core";
-    version = "2.14.5";
-    format = "pyproject";
-
-    src = fetchFromGitHub {
-      owner = "pydantic";
-      repo = "pydantic-core";
-      rev = "refs/tags/v${version}";
-      hash = "sha256-UguZpA3KEutOgIavjx8Ie//0qJq+4FTZNQTwb/ZIgb8=";
-    };
-
-    patches = [ ./01-remove-benchmark-flags.patch ];
-
-    cargoDeps = rustPlatform.fetchCargoTarball {
-      inherit src;
-      name = "${pname}-${version}";
-      hash = "sha256-mMgw922QjHmk0yimXfolLNiYZntTsGydQywe7PTNnwc=";
-    };
-
-    nativeBuildInputs = [
-      cargo
-      rustPlatform.cargoSetupHook
-      rustPlatform.maturinBuildHook
-      rustc
-      typing-extensions
-    ];
-
-    buildInputs = lib.optionals stdenv.isDarwin [ libiconv ];
-
-    propagatedBuildInputs = [ typing-extensions ];
-
-    pythonImportsCheck = [ "pydantic_core" ];
-
-    # escape infinite recursion with pydantic via dirty-equals
-    doCheck = false;
-    passthru.tests.pytest = pydantic-core.overrideAttrs { doCheck = true; };
-
-    nativeCheckInputs = [
-      pytestCheckHook
-      hypothesis
-      pytest-timeout
-      dirty-equals
-      pytest-mock
-    ];
-
-    disabledTests = [
-      # RecursionError: maximum recursion depth exceeded while calling a Python object
-      "test_recursive"
-    ];
-
-    disabledTestPaths = [
-      # no point in benchmarking in nixpkgs build farm
-      "tests/benchmarks"
-    ];
-
-    meta = with lib; {
-      changelog = "https://github.com/pydantic/pydantic-core/releases/tag/v${version}";
-      description = "Core validation logic for pydantic written in rust";
-      homepage = "https://github.com/pydantic/pydantic-core";
-      license = licenses.mit;
-      maintainers = with maintainers; [ blaggacao ];
-    };
-  };
-in
-pydantic-core
diff --git a/machines/vault01/k-radius/packages/python/pydantic.nix b/machines/vault01/k-radius/packages/python/pydantic.nix
deleted file mode 100644
index e36ceb9..0000000
--- a/machines/vault01/k-radius/packages/python/pydantic.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  pythonOlder,
-
-  # build-system
-  hatchling,
-  hatch-fancy-pypi-readme,
-
-  # native dependencies
-  libxcrypt,
-
-  # dependencies
-  annotated-types,
-  pydantic-core,
-  typing-extensions,
-
-  # tests
-  cloudpickle,
-  email-validator,
-  dirty-equals,
-  faker,
-  pytestCheckHook,
-  pytest-mock,
-}:
-
-buildPythonPackage rec {
-  pname = "pydantic";
-  version = "2.5.2";
-  pyproject = true;
-
-  disabled = pythonOlder "3.7";
-
-  src = fetchFromGitHub {
-    owner = "pydantic";
-    repo = "pydantic";
-    rev = "refs/tags/v${version}";
-    hash = "sha256-D0gYcyrKVVDhBgV9sCVTkGq/kFmIoT9l0i5bRM1qxzM=";
-  };
-
-  buildInputs = lib.optionals (pythonOlder "3.9") [ libxcrypt ];
-
-  nativeBuildInputs = [
-    hatch-fancy-pypi-readme
-    hatchling
-  ];
-
-  propagatedBuildInputs = [
-    annotated-types
-    pydantic-core
-    typing-extensions
-  ];
-
-  passthru.optional-dependencies = {
-    email = [ email-validator ];
-  };
-
-  nativeCheckInputs = [
-    cloudpickle
-    dirty-equals
-    faker
-    pytest-mock
-    pytestCheckHook
-  ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies);
-
-  preCheck = ''
-    export HOME=$(mktemp -d)
-    substituteInPlace pyproject.toml \
-      --replace "'--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations'," "" \
-      --replace "'--benchmark-group-by', 'group'," "" \
-      --replace "'--benchmark-warmup', 'on'," "" \
-      --replace "'--benchmark-disable'," ""
-  '';
-
-  disabledTestPaths = [
-    "tests/benchmarks"
-
-    # avoid cyclic dependency
-    "tests/test_docs.py"
-  ];
-
-  pythonImportsCheck = [ "pydantic" ];
-
-  meta = with lib; {
-    description = "Data validation and settings management using Python type hinting";
-    homepage = "https://github.com/pydantic/pydantic";
-    changelog = "https://github.com/pydantic/pydantic/blob/v${version}/HISTORY.md";
-    license = licenses.mit;
-    maintainers = with maintainers; [ wd15 ];
-  };
-}
diff --git a/machines/vault01/k-radius/packages/rlm_python.nix b/machines/vault01/k-radius/packages/rlm_python.nix
index 71f491a..6eca84a 100644
--- a/machines/vault01/k-radius/packages/rlm_python.nix
+++ b/machines/vault01/k-radius/packages/rlm_python.nix
@@ -1,34 +1,38 @@
 {
   stdenv,
   fetchFromGitHub,
+  substituteAll,
   python3,
   pykanidm,
 }:
 
 let
-  pythonPath = with python3.pkgs; makePythonPath [ pykanidm ];
+  pythonPath = python3.pkgs.makePythonPath [ pykanidm ];
 in
+
 stdenv.mkDerivation rec {
   pname = "rlm_python";
-  version = "1.1.0-rc.15";
+  version = "1.1.0-rc.16";
 
   src = fetchFromGitHub {
     owner = "kanidm";
     repo = "kanidm";
     rev = "v${version}";
-    hash = "sha256-0y8juXS61Z9zxOdsWAQ6lJurP+n855Nela6egYRecok=";
+    hash = "sha256-NH9V5KKI9LAtJ2/WuWtUJUzkjVMfO7Q5NQkK7Ys2olU=";
   };
 
-  patches = [ ./python_path.patch ];
+  sourceRoot = "source/rlm_python";
 
-  postPatch = ''
-    substituteInPlace rlm_python/mods-available/python3 \
-      --replace "@kanidm_python@" "${pythonPath}"
-  '';
+  patches = [
+    (substituteAll {
+      src = ./01-python_path.patch;
+      inherit pythonPath;
+    })
+  ];
 
   installPhase = ''
     mkdir -p $out/etc/raddb/
-    cp -R rlm_python/{mods-available,sites-available} $out/etc/raddb/
+    cp -R mods-available sites-available $out/etc/raddb/
   '';
 
   phases = [
@@ -40,6 +44,4 @@ stdenv.mkDerivation rec {
   passthru = {
     inherit pythonPath;
   };
-
-  preferLocalBuild = true;
 }