{ config, lib, pkgs, ... }:

let
  svc_domain = "git.${config.mine.shared.settings.domain}";
in {
  services.forgejo = {
    enable = true;
    stateDir = config.mine.zfsMounts."rpool/safe/svcs/forgejo";

    package = pkgs.forgejo.overrideAttrs (old: {
      patches = old.patches ++ [
        ./patches/signin-template.patch
        ./patches/link-accounts-template.patch
      ];
    });

    # use postgres, will create and start postgresql
    # itself, as well as databdase and user
    database.type = "postgres";

    settings = {
      server = {
        DOMAIN = svc_domain;
        ROOT_URL = "https://${svc_domain}";
        HTTPPORT = 3000;
      };

      # sync ldap and forgejo
      "cron.sync_external_users" = {
        RUN_AT_START = true;
        SCHEDULE = "@every 15m";
        UPDATE_EXISTING = true;
      };

      # disable registration, only account linking is possible
      service.DISABLE_REGISTRATION = true;
    };
  };

  services.nginx.virtualHosts."${svc_domain}" = {
    forceSSL = true;
    enableACME = true;
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/".proxyPass = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTPPORT}";
  };

  # settings
  mine.shared.settings.forgejo.domain = svc_domain;
}