{ config, pkgs, ... }:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in {
  services.nginx.virtualHosts.${srv.DOMAIN} = {
    forceSSL = true;
    enableACME = true;
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
  };

  users.users.${cfg.user}.packages = with pkgs; [
    mandoc
    ttpre
  ];
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.squi.bid";
        ROOT_URL = "https://${srv.DOMAIN}/";
        HTTP_PORT = 3000;
      };
      service = {
        ENABLE_CAPTCHA = true;
        REGISTER_MANUAL_CONFIRM = true; # all new users must be approved by me
      };
      ui.DEFAULT_THEME = "gitea-dark";
      repository = {
        DEFAULT_PUSH_CREATE_PRIVATE = false;
        ENABLE_PUSH_CREATE_USER = true;
      };
      "markup.mandoc" = {
        ENABLED = true;
        FILE_EXTENSIONS = ".1,.2,.3,.4,.5,.6,.7,.8,.9";
        RENDER_COMMAND = pkgs.writeShellScriptBin "mandoc-ttpre" ''
          ${pkgs.mandoc}/bin/mandoc -O fragment -Tutf8 -Kutf-8 "$1" | ${pkgs.ttpre}/bin/ttpre
          '' + "/bin/mandoc-ttpre";
        IS_INPUT_FILE = true;
      };
    };
  };
}