# NixOS module: Forgejo git forge with its built-in SSH server, closed
# registration, Git LFS and periodic dumps enabled.
{ config, pkgs, ... }:
let
  # Site-wide values defined elsewhere in this configuration.
  domain = config.networking.domain;
  ports = config.serverConfig.ports;
  vhosts = config.serverConfig.vhosts;
in
{
  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    lfs.enable = true;

    # NOTE(review): a dump presumably bundles the database and repositories;
    # confirm the dump directory is readable only by the service user and that
    # old dumps are rotated.
    dump.enable = true;

    # No database type is set here, so the module default applies; the
    # gitea.db path suggests SQLite - confirm. The "gitea" names are kept,
    # presumably for continuity with an earlier Gitea install.
    database.user = "gitea";
    database.name = "gitea";
    database.path = "${config.services.forgejo.stateDir}/data/gitea.db";

    # Self-service sign-up is closed; accounts must be created by an admin.
    settings.service.DISABLE_REGISTRATION = true;

    settings.server = {
      # ROOT_URL is https while only a plain HTTP port is configured, so TLS is
      # presumably terminated by a reverse proxy in front of this vhost.
      # NOTE(review): HTTP_ADDR is not set; confirm the default bind address
      # and the firewall do not expose the plain-HTTP port directly.
      ROOT_URL = "https://${vhosts.gitea_host.host}/";
      HTTP_PORT = vhosts.gitea_host.port;

      # Forgejo runs its own SSH server (START_SSH_SERVER) instead of relying
      # on the system sshd; clients connect as user "git" on SSH_PORT.
      # NOTE(review): SSH_LISTEN_HOST / SSH_LISTEN_PORT are left at upstream
      # defaults; confirm which interfaces the listener binds and that only the
      # intended port is opened in the firewall.
      DISABLE_SSH = false;
      START_SSH_SERVER = true;
      BUILTIN_SSH_SERVER_USER = "git";
      SSH_DOMAIN = domain;
      SSH_PORT = ports.gitea_ssh_port.port;
      # SSH_LISTEN_HOST="::"; # fixme?
      # SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
    };

    # log.LEVEL = "Debug";

    # Minimum accepted RSA public-key size, in bits.
    # NOTE(review): confirm this is not lower than the default shipped by the
    # Forgejo release in use (recent releases are believed to require more),
    # and that 2048 is a deliberate compatibility choice. Upstream defaults sit
    # one bit under the nominal size because some valid keys are reported one
    # bit short - verify that an exact 2048 does not reject legitimate keys.
    settings."ssh.minimum_key_sizes".RSA = 2048;

    # Timeout for repository migrations; presumably seconds (100 min) - confirm.
    settings."git.timeout".MIGRATE = 6000;
  };

  # NOTE(review): this installs pkgs.gitea system-wide while the service runs
  # pkgs.forgejo. Confirm it is intentional; an admin CLI from a different
  # project/version may not match the Forgejo state it is pointed at.
  environment.systemPackages = [ pkgs.gitea ];
}