{config, ...}: {
  age.secrets.dex.file = ../../secrets/personal/dex.age;
  services.dex = {
    enable = true;
    settings = {
      issuer = "https://auth.jolheiser.com";
      storage = {
        type = "sqlite3";
        config.file = "/var/lib/dex/dex.db";
      };
      web.http = "localhost:2884";
      enablePasswordDB = true;
      staticPasswords = [
        {
          email = "john@jolheiser.com";
          hash = "$DEX_JOLHEISER_HASH";
          username = "jolheiser";
          userID = "$DEX_JOLHEISER_UID";
        }
      ];
    };
    environmentFile = config.age.secrets.dex.path;
  };
}