diff --git a/nixos/server/gallery.nix b/nixos/server/gallery.nix
index 5c38cc5c4c594a8853c6e09065d9004b5d58822f..5d01f41168a12cf8ef10aff61dea1aa9eaaaeefe 100644
--- a/nixos/server/gallery.nix
+++ b/nixos/server/gallery.nix
@@ -25,10 +25,23 @@
       PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
       PHOTOPRISM_DATABASE_NAME = "photoprism";
       PHOTOPRISM_DATABASE_USER = "photoprism";
+
+      PHOTOPRISM_LOG_LEVEL = "debug";
+
+      PHOTOPRISM_OIDC_URI = "https://auth.eisfunke.com/application/o/eisfunkegallery/";
+      PHOTOPRISM_OIDC_CLIENT = "bgZd35W6isBUnkDnLIqDA1HGlVbjNdauxfAZvxvE";
+      #PHOTOPRISM_OIDC_SECRET is set in environmentfile
+      #PHOTOPRISM_OIDC_SCOPES = "";
+      PHOTOPRISM_OIDC_PROVIDER = "EisfunkeAuth";
+      #PHOTOPRISM_OIDC_ICON = "";
+      #PHOTOPRISM_OIDC_REDIRECT = ""; TODO activate
+      PHOTOPRISM_OIDC_REGISTER = "true";  # TODO don't forget to set permissions in authentik!
+      #PHOTOPRISM_OIDC_USERNAME = "";
+      #PHOTOPRISM_OIDC_WEBDAV = "";
     };
   };
 
-  # sponsor features are enabled here
+  # sponsor features and OIDC secret
   systemd.services.photoprism.serviceConfig.EnvironmentFile = config.age.secrets.server_gallery.path;
 
   # sadly PhotoPrism doesn't support PostgreSQL
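Review bot: `PHOTOPRISM_OIDC_REGISTER = "true";` goes live while its only access gate is still a TODO in the trailing comment, so until the authentik application is bound to a specific group, every account that can sign in at `auth.eisfunke.com` presumably gets a PhotoPrism account on first login. I would ship `PHOTOPRISM_OIDC_REGISTER = "false";` and flip it once the authentik policy exists, or have the comment state that the policy is already in place. The same hunk also commits `PHOTOPRISM_LOG_LEVEL = "debug";` with no note that it is temporary; debug output from the new login flow would land in the journal, so mark it `# TODO remove after OIDC setup` or drop it. The enclosing attribute set starts above the hunk, so any other setting that restricts sign-in is not visible here.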
diff --git a/res/secrets/server/gallery.age b/res/secrets/server/gallery.age
index 6485d5b657e6f7905cdcf020dac874cb987ab9f5..0121a0b6194f7cdab294906fdf3690f33552861a 100644
Binary files a/res/secrets/server/gallery.age and b/res/secrets/server/gallery.age differ