{ ... }:

{
  services.gitea = {
    enable = true;
    appName = "clerie Git";

    database = {
      createDatabase = false;
      type = "postgres";
      name = "gitea";
      user = "gitea";
      socket = "/run/postgresql";
    };
    lfs.enable = true;
    settings = {
      log = {
        LEVEL = "Warn";
      };
      database = {
        CHARSET = "utf8";
      };
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
        DEFAULT_PRIVATE = true;
      };
      server = {
        ROOT_URL = "https://git.clerie.de/";
        DOMAIN = "git.clerie.de";
        HTTP_ADDRESS = "::1";
        HTTP_PORT = 3000;
        OFFLINE_MODE = true;
        LANDING_PAGE = "explore";
      };
      mailer = {
        enabled = false;
      };
      service = {
        DISABLE_REGISTRATION = true;
        REGISTER_EMAIL_CONFIRM = false;
        ENABLE_NOTIFY_MAIL = false;
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        ENABLE_CAPTCHA = false;
        REQUIRE_SIGNIN_VIEW = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = false;
      };
      picture = {
        DISABLE_GRAVATAR = true;
        ENABLE_FEDERATED_AVATAR = false;
      };
      openid = {
        ENABLE_OPENID_SIGNIN = false;
        ENABLE_OPENID_SIGNUP = false;
      };
      session = {
        COOKIE_SECURE = true;
      };
      indexer = {
        REPO_INDEXER_ENABLED = true;
      };
    };
  };

  services.postgresql = {
    ensureDatabases = [ "gitea" ];
    ensureUsers = [
      {
        name = "gitea";
        ensureDBOwnership = true;
      }
    ];
  };

  services.nginx.virtualHosts = {
    "git.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations = {
        "/" = {
          proxyPass = "http://[::1]:3000";
        };
      };
      extraConfig = ''
        access_log /var/log/nginx/git.clerie.de.log combined_anon;
      '';
    };
  };
}