diff --git a/utils/modules/authelia/default.nix b/utils/modules/authelia/default.nix
index 5f44c89..ea4a91d 100644
--- a/utils/modules/authelia/default.nix
+++ b/utils/modules/authelia/default.nix
@@ -48,8 +48,8 @@
 url = "ldaps://ldap.cloonar.com";
 base_dn = "DC=cloonar,DC=com";
 additional_users_dn = "OU=users";
- users_filter = "(&({mail}={input})(objectClass=person))";
- username_attribute = "uid";
+ users_filter = "(&({username_attribute}={input})(objectClass=person))";
+ username_attribute = "mail";
 mail_attribute = "mail";
 display_name_attribute = "displayName";
 additional_groups_dn = "OU=groups";
@@ -109,6 +109,43 @@
 filename = "/var/lib/authelia-main/notification.txt";
 };
 };
+ identity_providers = {
+ oidc = {
+ ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
+ ## See: https://www.authelia.com/c/oidc
+ clients = [
+ {
+ id = "nextcloud";
+ description = "NextCloud";
+ secret = "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng";
+ public = false;
+ authorization_policy = "one_factor";
+ redirect_uris = [ "https://nextcloud.example.com/apps/oidc_login/oidc" ];
+ scopes = [
+ "openid"
+ "profile"
+ "email"
+ "groups"
+ ];
+ userinfo_signing_algorithm = "none";
+ }
+ {
+ id = "gitea";
+ description = "Gitea";
+ secret = "$6$8CO08RKzsB2e47SY$oZCadmL5nz8HDaZ6miPKmcGNIefUW8qCjHxkn52G1kyKSzZBkKHkCzvlyOU3TXWBY/OpWlqWAHJ4ORtpOkocz/";
+ public = false;
+ authorization_policy = "one_factor";
+ redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ];
+ scopes = [
+ "openid"
+ "profile"
+ "email"
+ ];
+ userinfo_signing_algorithm = "none";
+ }
+ ];
+ };
+ };
 };
 };
 services.nginx.virtualHosts."auth.cloonar.com" = {
diff --git a/utils/modules/gitea.nix b/utils/modules/gitea.nix
index b01dfbc..357f40a 100644
--- a/utils/modules/gitea.nix
+++ b/utils/modules/gitea.nix
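Review bot: With `username_attribute = "mail"` and the filter now matching on `{username_attribute}`, the login identifier becomes whatever the directory stores in `mail`, so uniqueness of that attribute under `OU=users` is now a security property of the directory rather than of this configuration; two entries sharing a mail value would make the lookup ambiguous. Since `mail_attribute` is also `"mail"`, the same attribute now serves as both identifier and contact address, which is fine only if users cannot edit it themselves. A one-line comment next to the filter, such as `# login is by e-mail: the directory must enforce unique, admin-controlled mail values`, would record that assumption for whoever maintains the LDAP side.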
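Review bot: The nextcloud client's `redirect_uris = [ "https://nextcloud.example.com/apps/oidc_login/oidc" ]` names an example.com host while every other host in this diff is under cloonar.com, so it looks like a leftover template value; Authelia matches redirect URIs exactly, so either the flow will fail or, should that host ever be registered by someone else, the authorization response would be sent to a third party, and it should be replaced with the real Nextcloud origin. The `## The other portions of the mandatory OpenID Connect 1.0 configuration go here.` line is also template text: the provider's `hmac_secret` and issuer signing key are not in this hunk, and if they are supplied elsewhere (for example through Authelia's `_FILE` environment variables) the comment should say where, otherwise the provider will refuse to start. The two clients also hash their secrets with different schemes (`$pbkdf2-sha512$` for nextcloud, `$6$` for gitea); using one scheme for both makes the file easier to audit and keeps per-request verification cost predictable.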
@@ -20,7 +20,16 @@ in
 HTTP_PORT = 3001;
 DOMAIN = domain;
 };
- service.DISABLE_REGISTRATION = true;
+ openid = {
+ ENABLE_OPENID_SIGNIN = false;
+ ENABLE_OPENID_SIGNUP = true;
+ WHITELISTED_URIS = "auth.example.com";
+ };
+ service = {
+ DISABLE_REGISTRATION = false;
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+ SHOW_REGISTRATION_BUTTON = false;
+ };
 webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
 };
 };
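Review bot: `WHITELISTED_URIS = "auth.example.com";` is a placeholder that does not match the Authelia virtual host `auth.cloonar.com` configured in the other file, and Gitea documents this value as a regex pattern, so an unanchored, unescaped hostname would also accept any URI that merely contains that substring; if this setting is kept it should name the real host and be anchored, e.g. `WHITELISTED_URIS = "^auth\\.cloonar\\.com$";` (verify Gitea's exact matching semantics for the version in use). As far as I can tell Gitea's `[openid]` section governs legacy OpenID 2.0 sign-in, whereas the Authelia client defined in the other file is consumed through an OAuth2 authentication source, so this block may not influence the Authelia integration at all and the intent should be confirmed and recorded in a comment. `ENABLE_OPENID_SIGNUP = true` next to `ENABLE_OPENID_SIGNIN = false` also reads as contradictory, since registering via OpenID presupposes signing in with it. The `service` settings (`DISABLE_REGISTRATION = false` with `ALLOW_ONLY_EXTERNAL_REGISTRATION = true`) are the documented way to restrict sign-up to external providers and look correct.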