kanidm: allow hydra to cache alternative build with secret provisioning (#358782)

nixos/modules/services/security/kanidm.nix

@@ -734,7 +734,7 @@ in
             -> cfg.package.enableSecretProvisioning;
           message = ''
             Specifying an admin account password or oauth2 basicSecretFile requires kanidm to be built with the secret provisioning patches.
-            You may want to set `services.kanidm.package = pkgs.kanidm.withSecretProvisioning;`.
+            You may want to set `services.kanidm.package = pkgs.kanidmWithSecretProvisioning;`.
           '';
         }
         # Entity names must be globally unique:

nixos/tests/kanidm-provisioning.nix

@@ -23,7 +23,7 @@ import ./make-test-python.nix (
       { pkgs, lib, ... }:
       {
         services.kanidm = {
-          package = pkgs.kanidm.withSecretProvisioning;
+          package = pkgs.kanidmWithSecretProvisioning;
           enableServer = true;
           serverSettings = {
             origin = "https://${serverDomain}";

pkgs/top-level/all-packages.nix

@@ -11731,6 +11731,10 @@ with pkgs;
 
   jitsi-videobridge = callPackage ../servers/jitsi-videobridge { };
 
+  kanidmWithSecretProvisioning = callPackage ../by-name/ka/kanidm/package.nix {
+    enableSecretProvisioning = true;
+  };
+
   knot-resolver = callPackage ../servers/dns/knot-resolver {
     systemd = systemdMinimal; # in closure already anyway
   };