From 5a9b7f45146fce474fce41536502c59c2fe3e1a1 Mon Sep 17 00:00:00 2001
From: xeals <dev@xeal.me>
Date: Sat, 27 Aug 2022 17:39:29 +1000
Subject: [PATCH 1/2] nixos/portunus: fix typo in option usage

---
 nixos/modules/services/misc/portunus.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/portunus.nix b/nixos/modules/services/misc/portunus.nix
index a2247272fa26..afe145d7cc63 100644
--- a/nixos/modules/services/misc/portunus.nix
+++ b/nixos/modules/services/misc/portunus.nix
@@ -212,7 +212,7 @@ in
 
         staticClients = forEach cfg.dex.oidcClients (client: {
           inherit (client) id;
-          redirectURIs = [ client.callbackURI ];
+          redirectURIs = [ client.callbackURL ];
           name = "OIDC for ${client.id}";
           secret = "$DEX_CLIENT_${client.id}";
         });

From 836505dee4a27ce850cfff33ac083b6d1ad70503 Mon Sep 17 00:00:00 2001
From: xeals <dev@xeal.me>
Date: Sat, 27 Aug 2022 17:39:46 +1000
Subject: [PATCH 2/2] nixos/portunus: fix specification of client secret

Environment variables are only expanded in *Env variables.

Ref dexidp/dex#1664
---
 nixos/modules/services/misc/portunus.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/portunus.nix b/nixos/modules/services/misc/portunus.nix
index afe145d7cc63..70a8e5602622 100644
--- a/nixos/modules/services/misc/portunus.nix
+++ b/nixos/modules/services/misc/portunus.nix
@@ -214,7 +214,7 @@ in
           inherit (client) id;
           redirectURIs = [ client.callbackURL ];
           name = "OIDC for ${client.id}";
-          secret = "$DEX_CLIENT_${client.id}";
+          secretEnv = "DEX_CLIENT_${client.id}";
         });
       };
     };