{ config, ... }:

{
  # https://wiki.nixos.org/wiki/Forgejo
  services.forgejo = {
    enable = true;

    stateDir = config.mine.zfsMounts."rpool/safe/svcs/forgejo";

    settings = {
      server = {
        DOMAIN = "git.fricloud.dk";
        ROOT_URL = "https://git.fricloud.dk";
        HTTPPORT = 3000;
      };

      service.DISABLE_REGISTRATION = true;
    };
    
  };

  # TODO(eyJhb): remove after our ban expires (and nginx config)
  # already issued for this exact set of domains in the last 168 hours: git.fricloud.dk, retry after 2024-08-10T01:34:44Z
  security.acme.certs."git.fricloud.dk".extraDomainNames = [ "git2.fricloud.dk" ];

  services.nginx = {
    virtualHosts."git.fricloud.dk" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/".proxyPass = "http://localhost:3000";
    };
  };
}