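# NixOS module: Gitea ("PVV Git") behind nginx, talking to the application over
# a unix socket and to a PostgreSQL database that lives on another host.
{ config, values, pkgs, ... }:
let
  cfg = config.services.gitea;
in
{
  # Database password, decrypted by sops-nix at activation time.
  # sops-nix materialises secrets as root:root with mode 0400 unless told
  # otherwise, which the unprivileged Gitea account cannot read. Hand ownership
  # to the service user only; group and mode keep their restrictive defaults.
  sops.secrets."gitea/dbpassword" = {
    owner = cfg.user;
  };

  services.gitea = {
    enable = true;
    user = "git";
    rootUrl = "https://gitea.pvv.ntnu.no/";
    stateDir = "/data/gitea";
    appName = "PVV Git";

    # Listen on a unix socket instead of a TCP port; nginx below is the only
    # intended client.
    enableUnixSocket = true;

    database = {
      type = "postgres";
      # NOTE(review): PostgreSQL is reached over the network at this address.
      # Confirm the path is trusted or that TLS is enforced for the connection,
      # since the password and all repository metadata travel over it.
      host = values.hosts.bicep.ipv4;
      port = 5432;
      # Read from the sops-managed file at runtime so the password never ends
      # up in the world-readable Nix store.
      passwordFile = config.sops.secrets."gitea/dbpassword".path;
      # The database is provisioned on the remote host, not by this module.
      createDatabase = false;
    };

    settings = {
      # No self-service sign-up; accounts are created by an administrator.
      service.DISABLE_REGISTRATION = true;
      # Session cookie is only sent over HTTPS, matching forceSSL on the vhost.
      session.COOKIE_SECURE = true;
    };
  };

  services.nginx.virtualHosts = {
    "gitea.pvv.ntnu.no" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://unix:/run/gitea/gitea.sock";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };

    # Legacy hostname, redirected to the canonical one.
    # NOTE(review): this vhost sets neither forceSSL nor enableACME, so it is
    # presumably served over plain HTTP only; confirm whether the redirect
    # should also be offered over HTTPS.
    "git2.pvv.ntnu.no" = {
      globalRedirect = "gitea.pvv.ntnu.no";
    };
  };

  # Service account Gitea runs as (matches services.gitea.user above).
  users.users.git = {
    description = "Gitea service";
    home = cfg.stateDir;
    # Left disabled: presumably the account then has no usable login shell.
    # Enable only if git-over-SSH through the system sshd is wanted.
    #useDefaultShell = true;
    group = "gitea";
    isSystemUser = true;
    #uid = config.ids.uids.git;
    packages = [ pkgs.gitea ];
  };
}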