{ config, pkgs, lib, mkDomain, ... }:
{
  # Gitea
  # Git with a cup of tea

  services.gitea = rec {
    enable = true;
    settings.service.DISABLE_REGISTRATION = true; # disable after initial deploy
    #https://docs.gitea.io/en-us/config-cheat-sheet/
    #settings = {
    #  "cron.sync_external_users" = {
    #    RUN_AT_START = true;
    #    SCHEDULE = "@every 24h";
    #    UPDATE_EXISTING = true;
    #  };
    #  mailer = {
    #    ENABLED = true;
    #    MAILER_TYPE = "sendmail";
    #    FROM = "do-not-reply@example.org";
    #    SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
    #  };
    #  other = {
    #    SHOW_FOOTER_VERSION = false;
    #  };
    #};
    #appName = "gitea: spis meg";
    appName = "gitea: private instance";
    settings.server.DOMAIN = mkDomain "gitea";
    #ssh.enable # default is true
    settings.server.ROOT_URL = "https://${settings.server.DOMAIN}/";
    #ssh.clonePort # default is 22
    #log.level = "Debug"; # default is "Info"
    #lfs.enable = true; # default is false
    settings.server.HTTP_PORT = 9675; # default is 3000
    settings.server.HTTP_ADDR = "127.0.0.1"; # default is "0.0.0.0"
    #extraConfig
    #database.type # default is "sqlite3"
    settings.session.COOKIE_SECURE = true; # default is false, only send cookies over https
    #stateDir # default is "/var/lib/gitea"
    #mailerPasswordFile # Path to a file containing the SMTP password
    #repositoryRoot # default is "${config.services.gitea.stateDir}/repositories"
    #log.rootPath # TODO: move?
    #lfs.contentDir
    #dump.enable # default is false
    settings.server.STATIC_ROOT_PATH = pkgs.symlinkJoin {
      name = "gitea-static-root-data";
      paths = let
        giteaModern = pkgs.fetchFromGitea { # https://codeberg.org/Freeplay/Gitea-Modern
          domain = "codeberg.org";
          owner = "Freeplay";
          repo = "Gitea-Modern";
          rev = "0c0a05e6f0496521c166402dd56441a714487fd8";
          sha256 = "q14E5ni2BvpGsmGOHWQgbCqD4lBh4bFtBFtIyNfAf0Q=";
        };
        giteaEarlGray = pkgs.fetchFromGitHub { # https://github.com/acoolstraw/earl-grey
          owner = "acoolstraw";
          repo = "earl-grey";
          rev = "a6ca3dd3b9e6b48f6e45032b2aa691c2f16dc9bc";
          sha256 = "55Piafc7kQ5hybwHQczx36AP+kX1AtWugxERYNdmqWk=";
        };
      in [
        config.services.gitea.package.data
        (pkgs.linkFarm "gitea-custom-dir" [
          { name = "public/css/theme-gitea-modern.css"; path = "${giteaModern}/Gitea/theme-gitea-modern.css"; }
          { name = "public/css/theme-earl-grey.css";    path = "${giteaEarlGray}/theme-earl-grey.css"; }
        ])
      ];
    };
    # https://docs.gitea.io/en-us/config-cheat-sheet/
    settings.ui.THEMES = "gitea,arc-green,earl-grey,gitea-modern";
    settings.ui.DEFAULT_THEME = "earl-grey";
  };
  services.nginx.virtualHosts.${mkDomain "gitea"} = lib.mkIf config.services.gitea.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";
      proxyWebsockets = true;
    };
  };

}