diff --git a/pp-gitea.nix b/pp-gitea.nix
index 7fd47e8..3835367 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -44,9 +44,12 @@ in
     services.gitea.enable = true;
     services.gitea.rootUrl = "https://${cfg.domain}/";
     services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true;        # Why do I need to override this???
+
+    # If true, openid users cannot create new account
     #services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
-    #services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
-    #services.gitea.settings."openid".ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
+    services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
+    services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
+
     services.gitea.lfs.enable = true;
     services.gitea.domain = cfg.domain;
     # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@@ -99,9 +102,9 @@ in
                 proxy_pass_request_headers on;
               '';
             };
-#            locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
-#              globalRedirect = "$host/${cfg.openIdClientName}";
-#            };
+            locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
+              return = "301 https://$host/user/oauth2/${cfg.openIdClientName}";
+            };
           };
         };
       };