{ config, ... }:
let
  my = config.my;
in
{
  services.dex = {
    enable = true;
    settings = {
      issuer = "http://127.0.0.1:5556/dex";
      storage = {
        type = "sqlite3";
        config.file = "gitea/dex.db";
      };
      enablePasswordDB = true;
      web = {
        http = "127.0.0.1:5556";
      };
      connectors = [ {
        type = "gitea";
        id = "gitea";
        name = "Gitea";
        config = {
          clientID = "Gitea";
          clientSecret = "b2a1b7ae-2f31-489d-84c3-4d429085db14";
          redirectURL = "http://127.0.0.1:5556/dex/callback";
          baseURL = "https://git.${my.subZone}";
        };
      } ];
    };
  };
}