{ self, config, lib, pkgs, ... }:

{
  environment.systemPackages = [ pkgs.gitea ];

  services.gitea = {
    enable = true;
    stateDir = "/var/lib/gitea";

    appName = "Vapor Git: producing vaporware since 1999";
    database = {
      type = "postgres";
      name = "gitea";
      user = "gitea";
      createDatabase = true;
    };

    settings = {
      server = {
        DOMAIN = "git.vapor.systems";
        ROOT_URL = "https://git.vapor.systems";
        PROTOCOL = "http+unix";
        HTTP_ADDR = "/run/gitea/http.sock";
      };

      oauth2_client = {
        REGISTER_EMAIL_CONFIRM = false;
        OPENID_CONNECT_SCOPES = "email profile";
        ENABLE_AUTO_REGISTRATION = true;
        ACCOUNT_LINKING = "auto";
      };

      service = {
        DISABLE_REGISTRATION = true;
      };
    };
  };

  security.acme.certs = {
    "vapor.systems" = {
      extraDomainNames = [ "*.vapor.systems" ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."git.vapor.systems" =
      self.lib.nginx.proxyDomain "vapor.systems" "http://unix:/run/gitea/http.sock";
  };
}