gitea,nextcloud,roundcube,mailserver: depend on kanidm systemd service

sp-modules/gitea/module.nix

@@ -399,6 +399,7 @@ in
               fi
             '';
           # TODO consider passing oauth consumer service to auth module instead
+          after = [ auth-passthru.oauth2-systemd-service ];
           requires = [ auth-passthru.oauth2-systemd-service ];
         };
 

sp-modules/nextcloud/module.nix

@@ -378,6 +378,7 @@ in
             -vvv
           '';
           # TODO consider passing oauth consumer service to auth module instead
+          after = [ auth-passthru.oauth2-systemd-service ];
           requires = [ auth-passthru.oauth2-systemd-service ];
         };
         services.kanidm.provision = {

sp-modules/roundcube/module.nix

@@ -103,6 +103,10 @@ in
           $config['oauth_verify_peer'] = false; # FIXME
           # $config['oauth_pkce'] = 'S256'; # FIXME
         '';
+        systemd.services.roundcube = {
+          after = [ auth-passthru.oauth2-systemd-service ];
+          requires = [ auth-passthru.oauth2-systemd-service ];
+        };
         systemd.services.kanidm = {
           serviceConfig.ExecStartPre = lib.mkBefore [
             ("-+" + kanidmExecStartPreScriptRoot)

sp-modules/simple-nixos-mailserver/auth-dovecot.nix

@@ -132,8 +132,8 @@ in
     # TODO does it merge with existing preStart?
     preStart = setPwdInLdapConfFile + "\n" + write-dovecot-oauth2-conf + "\n";
     # FIXME pass dependant services to auth module option instead?
-    wants = [ auth-passthru.oauth2-systemd-service ];
     after = [ auth-passthru.oauth2-systemd-service ];
+    requires = [ auth-passthru.oauth2-systemd-service ];
     serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ];
   };