From ea443d2150ed73d7fa54bc78b178ef684ccc57dc Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov <alexoundos@selfprivacy.org>
Date: Mon, 3 Feb 2025 01:04:19 +0400
Subject: [PATCH] gitea,nextcloud,roundcube,mailserver: depend on kanidm
 systemd service

---
 sp-modules/gitea/module.nix                         | 1 +
 sp-modules/nextcloud/module.nix                     | 1 +
 sp-modules/roundcube/module.nix                     | 4 ++++
 sp-modules/simple-nixos-mailserver/auth-dovecot.nix | 2 +-
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index 7b32b1f..41381fb 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -399,6 +399,7 @@ in
               fi
             '';
           # TODO consider passing oauth consumer service to auth module instead
+          after = [ auth-passthru.oauth2-systemd-service ];
           requires = [ auth-passthru.oauth2-systemd-service ];
         };
 
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix
index 7919e07..70a856b 100644
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -378,6 +378,7 @@ in
             -vvv
           '';
           # TODO consider passing oauth consumer service to auth module instead
+          after = [ auth-passthru.oauth2-systemd-service ];
           requires = [ auth-passthru.oauth2-systemd-service ];
         };
         services.kanidm.provision = {
diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix
index 8c201d1..92f6df1 100644
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@@ -103,6 +103,10 @@ in
           $config['oauth_verify_peer'] = false; # FIXME
           # $config['oauth_pkce'] = 'S256'; # FIXME
         '';
+        systemd.services.roundcube = {
+          after = [ auth-passthru.oauth2-systemd-service ];
+          requires = [ auth-passthru.oauth2-systemd-service ];
+        };
         systemd.services.kanidm = {
           serviceConfig.ExecStartPre = lib.mkBefore [
             ("-+" + kanidmExecStartPreScriptRoot)
diff --git a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
index 4a2615b..a1559e9 100644
--- a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
@@ -132,8 +132,8 @@ in
     # TODO does it merge with existing preStart?
     preStart = setPwdInLdapConfFile + "\n" + write-dovecot-oauth2-conf + "\n";
     # FIXME pass dependant services to auth module option instead?
-    wants = [ auth-passthru.oauth2-systemd-service ];
     after = [ auth-passthru.oauth2-systemd-service ];
+    requires = [ auth-passthru.oauth2-systemd-service ];
     serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ];
   };