{ config, pkgs, lib, ... }:
let
  cfg = config.services.gitea;
  domain = "git.feal.no";
  httpPort = 3004;
  /* sshPort = 2222; */
in {
    services.gitea = {
      enable = true;
      package = pkgs.unstable.gitea;
      appName = "felixalbs Gitea";
      database = {
        type = "postgres";
      };

      settings = {
        server = {
          LANDING_PAGE=''"/felixalb"'';
          HTTP_PORT = httpPort;
          /* SSH_PORT = sshPort; */
          SSH_DOMAIN = "voyager.home.feal.no";
          DOMAIN = domain;
          ROOT_URL = "https://${domain}";
        };

        service.DISABLE_REGISTRATION = true;
        session.COOKIE_SECURE = true;

        packages.ENABLED = false;
        packages.CHUNKED_UPLOAD_PATH = "${cfg.stateDir}/tmp/package-upload";

        oauth2_client = {
          ENABLE_AUTO_REGISTRATION = true;
          OPENID_CONNECT_SCOPES = "email profile openid";
          UPDATE_AVATAR = true;
          ACCOUNT_LINKING = "auto";
          USERNAME = "email";
        };

        log.LEVEL = "Info";

        database.LOG_SQL = false;

        ui = {
          THEMES="gitea,arc-green,nord";
          DEFAULT_THEME="nord";
        };
      };

      # TODO:
      # - dump (automatic backups)
      # - configure mailer
    };

    systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "/var/lib/gitea/work";

    networking.firewall.allowedTCPPorts = [ httpPort ];
    /* networking.firewall.allowedTCPPorts = [ httpPort sshPort ]; */
}