{ config, pkgs, ... }:

{
  services.gitea = rec {
    enable = true;
    domain = "gitea.c3d2.de";
    rootUrl = "https://${domain}/";
    ssh.clonePort = 2222;

    database = {
      type = "postgres";
      host = "127.0.0.1";
      name = "gitea";
      user = "gitea";
      passwordFile = "/etc/giteaPassword";
    };
    repositoryRoot = "/var/lib/gitea/repositories";

    disableRegistration = true;

    lfs.enable = true;

    dump = {
      ## Is a nice feature once we have a dedicated backup storage.
      ## For now it is disabled, since it delays `nixos-rebuild switch`.
      enable = false;
      backupDir = "/var/lib/gitea/dump";
    };

    settings = {
      server = {
        START_SSH_SERVER = true;
        SSH_DOMAIN = domain;
        SSH_PORT = ssh.clonePort;
      };
      mailer = {
        ENABLED = true;
        FROM  = "gitea@c3d2.de";
        MAILER_TYPE = "smtp";
        HOST = "mail.c3d2.de:465";
        IS_TLS_ENABLED = true;
      };
      service = {
        NO_REPLY_ADDRESS = "no_reply@c3d2.de";
        REGISTER_EMAIL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 3000 2222 ];

  environment.systemPackages = with pkgs; [ postgresql unzip ];  ## used to restore database dumps
}