{ lib, pkgs, config, ... }:

let

  cfg = config.services.forgejo;
  srv = cfg.settings.server;

in

{

  security.acme.certs."${config.networking.domain}".extraDomainNames = [
    "git.${config.networking.domain}"
  ];

  services.nginx.virtualHosts."git.${config.networking.domain}" = {
    onlySSL = true;
    useACMEHost = config.networking.domain;
    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
    extraConfig = ''
      client_max_body_size 512M;
    '';
  };

  services.forgejo = {

    enable = true;

    database.type = "postgres";
    lfs.enable = true;

    settings = {

      server = {
        DOMAIN = "git.${config.networking.domain}";
        ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
        HTTP_PORT = 3080;
      };

      service.DISABLE_REGISTRATION = true; 

      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };

      mailer = {
        ENABLED = true;
        SMTP_ADDR = "localhost";
        SMTP_PORT = 25;
        FROM = "Forgejo <git@${config.networking.domain}>";
      };
    };
  };
}