diff --git a/machines/core-services-01/dex.nix b/machines/core-services-01/dex.nix
new file mode 100644
index 0000000..6834f07
--- /dev/null
+++ b/machines/core-services-01/dex.nix
@@ -0,0 +1,41 @@
+{ config, ... }:
+let
+  my = config.my
+in
+{
+  services.dex = {
+    enable = true;
+    settings = {
+      issuer = "";
+      storage = {
+        type = "sqlite3";
+        config.file = "gitea/dex.db";
+      };
+      enablePasswordDB = true;
+      /*
+      web = {
+        http = "";
+      };
+      staticClients = [
+        {
+          id = "oidcclient";
+          name = "Client";
+          redirectURIs = [ "/callback" ];
+          secretFile = "/etc/dex/oidcclient";
+        }
+        ];
+      */
+      connectors = {
+        type = "gitea";
+        id = "gitea";
+        name = "Gitea";
+        config = {
+          clientID = ;
+          clientSecret = ;
+          redirectURL = "http://127.0.0.1:5556/dex/callback";
+          baseURL = "https://git.${my.subZone}";
+        };
+      };
+    };
+  };
+}