{ lib, config, ... }:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  services.nginx.virtualHosts."git.henri-saudubray.fr" = {
    forceSSL = true;
    enableACME = true;
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.henri-saudubray.fr";
        ROOT_URL = "https://${srv.DOMAIN}/";
        HTTP_PORT = 3000;
        SSH_PORT = lib.head config.services.openssh.ports;
      };

      service.DISABLE_REGISTRATION = true;

      ui = {
        DEFAULT_THEME = "custom";
        THEMES = "forgejo-auto,forgejo-light,forgejo-dark,custom";
      };
    };
  };

  systemd.tmpfiles.rules =
    let
      forgejo-dir = config.services.forgejo.customDir;
    in
    [
      "d '${forgejo-dir}/templates' - forgejo forgejo - -"
      "d '${forgejo-dir}/public' - forgejo forgejo - -"
      "d '${forgejo-dir}/public/assets' - forgejo forgejo - -"
      "d '${forgejo-dir}/public/assets/css' - forgejo forgejo - -"
      "C+ '${forgejo-dir}/public/assets/css/theme-custom.css' - forgejo forgejo - ${./theme-custom.css}"
      "C+ '${forgejo-dir}/templates/home.tmpl' - forgejo forgejo - ${./home.tmpl}"
    ];
}