{ config, ... }:
{
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "vili.m.sinerva@gmail.com";
  };

  services = {
    gitea = {
      enable = true;
      lfs.enable = true;
      appName = "Gitea for Vili Sinervä";
      mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass";

      settings = {
        repository = {
          ENABLE_PUSH_CREATE_USER = true;
        };
        ui.DEFAULT_SHOW_FULL_NAME = true;
        "ui.meta".AUTHOR = "Gitea, hosted by Vili Sinervä";
        server = {
          DOMAIN = "gitea.sinerva.eu";
          HTTP_PORT = 8000;
          ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
        };
        service.DISABLE_REGISTRATION = true; # Disable for initial setup
        session.COOKIE_SECURE = true;
        mailer = {
          ENABLED = true;
          SMTP_ADDR = "smtp.gmail.com";
          SMTP_PORT = 587;
          USER = "vmsskv12@gmail.com"; # Password set in file
          FROM = "gitea@sinerva.eu";
        };
        cron = {
          ENABLED = true;
          RUN_AT_START = true;
        };
        time.DEFAULT_UI_LOCATION = "Europe/Helsinki";
      };
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;

      virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
        enableACME = true;
        forceSSL = true;
        kTLS = true;
        locations."/" = {
          proxyPass = "http://localhost:8000";
        };
      };
    };
  };
}