# NixOS module: runs Gitea inside a declarative container and publishes it
# at https://git.cyplo.dev through the host's nginx (TLS via ACME).
{ config, pkgs, inputs, lib, ... }:
let
  # Port Gitea's web UI listens on; nginx proxies to it over plain HTTP.
  httpPort = 8083;
  # Port Gitea's built-in SSH server listens on inside the container.
  sshContainerPort = 22222;
  # Port advertised in clone URLs and opened in the host firewall.
  sshHostPort = 22;
  domain = "git.cyplo.dev";
  baseurl = "https://${domain}";
  # Gitea state directory, shared between host and container.
  path = "/var/lib/gitea";
in
{
  imports = [ ../nginx.nix ];

  # Only the Git-over-SSH port is opened in this file; httpPort is not.
  # NOTE(review): this hands host port 22 to Gitea's SSH server; confirm it
  # does not collide with the host's own sshd.
  networking.firewall.allowedTCPPorts = [ sshHostPort ];

  # TLS terminates at nginx; forceSSL redirects plain HTTP to HTTPS.
  # The hop from nginx to Gitea is unencrypted HTTP over localhost.
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:${toString httpPort}";
  };

  containers.gitea = {
    autoStart = true;

    # NOTE(review): no privateNetwork is set in this file. systemd-nspawn
    # port mapping is documented as applying to private-network containers,
    # so verify that these forwards (in particular 22 -> 22222) take effect.
    forwardPorts = [
      {
        containerPort = httpPort;
        hostPort = httpPort;
      }
      {
        containerPort = sshContainerPort;
        hostPort = sshHostPort;
      }
    ];

    # Writable bind mount: repositories and Gitea state live on the host
    # at the same path and can be modified from inside the container.
    bindMounts.${path} = {
      hostPath = path;
      isReadOnly = false;
    };

    config = { config, pkgs, lib, ... }: {
      system.stateVersion = "22.05";

      services.gitea = {
        enable = true;
        inherit domain httpPort;
        rootUrl = baseurl;
        # No self-service sign-up; accounts have to be created by an admin.
        disableRegistration = true;
        stateDir = path;

        # NOTE(review): no HTTP listen address is set here, so whether
        # httpPort is reachable other than through nginx depends on the
        # module's default bind address and on the host firewall. Consider
        # pinning the listener to loopback.
        settings.server = {
          START_SSH_SERVER = true;
          SSH_PORT = sshHostPort;
          SSH_LISTEN_PORT = sshContainerPort;
          DISABLE_SSH = false;
        };
      };
    };
  };
}