{ config, lib, pkgs, ... }:

let
  cfg = config.services.forgejo;
  domain = "code.itamar.site";
in {
  services.nginx = {
    enable = true;
    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/" = {
        proxyPass = "http://127.0.0.1:3000";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_read_timeout 3600s;
        '';
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "itamar@itamar.site";
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;

    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
        HTTP_PORT = 3000;
        HTTP_ADDR = "127.0.0.1";
        SSH_DOMAIN = domain;
        SSH_PORT = 22;
        START_SSH_SERVER = true;
      };

      service = {
        DISABLE_REGISTRATION = true;
        REQUIRE_SIGNIN_VIEW = false;
      };

      repository = {
        DEFAULT_BRANCH = "main";
      };

      ui.DEFAULT_THEME = "forgejo-auto";

      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
}