{ config, ... }:
let
  my = config.my;
in
{
  services.dex = {
    enable = true;
    settings = {
      issuer = "";
      storage = {
        type = "sqlite3";
        config.file = "gitea/dex.db";
      };
      enablePasswordDB = true;
      /*
      web = {
        http = "";
      };
      staticClients = [
        {
          id = "oidcclient";
          name = "Client";
          redirectURIs = [ "/callback" ];
          secretFile = "/etc/dex/oidcclient";
        }
        ];
      */
      connectors = {
        type = "gitea";
        id = "gitea";
        name = "Gitea";
        config = {
          clientID = "Gitea";
          clientSecret = "b2a1b7ae-2f31-489d-84c3-4d429085db14";
          redirectURL = "http://127.0.0.1:5556/dex/callback";
          baseURL = "https://git.${my.subZone}";
        };
      };
    };
  };
}