{ config, pkgs, ... }:
let
  cfg = config.services.gitea;
in {
    services.gitea = {
      enable = true;
      package = pkgs.unstable.gitea;
      appName = "felixalbs Gitea";
      database = {
        type = "postgres";
        #passwordFile = "/var/gitea/passwdfile";
      };
      domain = "git.feal.no";
      rootUrl = "https://git.feal.no";
      httpPort = 3004;


      settings = {
        server.LANDING_PAGE=''"/felixalb"'';
        service.DISABLE_REGISTRATION = true;
        session.COOKIE_SECURE = true;

        packages.ENABLED = false;

        oauth2_client = {
          ENABLE_AUTO_REGISTRATION = true;
          OPENID_CONNECT_SCOPES = "email profile openid";
          UPDATE_AVATAR = true;
          ACCOUNT_LINKING = "auto";
          USERNAME = "email";
        };

        log.LEVEL = "Info";

        database.LOG_SQL = false;

        ui = {
          THEMES="gitea,arc-green,nord";
          DEFAULT_THEME="nord";
        };
      };

      # TODO:
      # - dump (automatic backups)
      # - configure mailer
    };

    networking.firewall.allowedTCPPorts = [ cfg.httpPort ];
}