{ config, pkgs, inputs, lib, ... }:
let
  httpPort = 8083;
  sshPort = 2222;
  domain = "git.cyplo.dev";
  baseurl = "https://${domain}";
  path = "/var/lib/gitea";
in {
  imports = [ ../nginx.nix ];

  networking.firewall.allowedTCPPorts = [ sshPort ];
  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:" + toString httpPort;
        };
      };
    };
  };

  containers.gitea = {
    autoStart = true;
    forwardPorts = [
      {
        containerPort = httpPort;
        hostPort = httpPort;
      }
      {
        containerPort = sshPort;
        hostPort = sshPort;
      }
    ];
    bindMounts = {
      "${path}" = {
        hostPath = "${path}";
        isReadOnly = false;
      };
    };
    config = { config, pkgs, ... }: {
      system.stateVersion = "22.05";
      services.gitea = {
        enable = true;
        domain = domain;
        rootUrl = baseurl;
        httpPort = httpPort;
        disableRegistration = true;
        stateDir = path;
        ssh = {
          enable = true;
          clonePort = sshPort;
        };
        settings = { server = { START_SSH_SERVER = true; }; };
      };
    };
  };
}