{ config, ... }:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in {
  services.nginx.virtualHosts.${srv.DOMAIN} = {
    forceSSL = true;
    enableACME = true;
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/".proxyPass = "http://localhost:${builtins.toString srv.HTTP_PORT}";
  };

  services.forgejo = {
    enable = true;
    user = "git";
    group = cfg.user;
    database.user = cfg.user;
    
    settings = {
      DEFAULT.APP_NAME = "Code by toki!";

      server = {
        DOMAIN = "git.tokinanpa.dev";
        ROOT_URL = "https://${srv.DOMAIN}/";
      };

      service.DISABLE_REGISTRATION = true;

      repository = {
        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";

        ENABLE_PUSH_CREATE_USER = true;
        DEFAULT_PUSH_CREATE_PRIVATE = false;

        PREFERRED_LICENSES = "MIT,GPL-3.0-or-later";
      };
      mirror.DEFAULT_INTERVAL = "1h";

      indexer = {
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_EXCLUDE = "**.pdf, **.png, **.jpg, **.jpeg, **.svg, **.web, **.gpg, **.age";
      };

      ui = {
        DEFAULT_THEME = "forgejo-dark";
        GRAPH_MAX_COMMIT_NUM = 250;     
      };
      "ui.meta" = {
        AUTHOR = "Kiana Sheibani";
        DESCRIPTION = "Code by toki! Powered by Forgejo";
        KEYWORDS = "git,forge,forgejo,toki,tokinanpa";
      };
      "service.explore".DISABLE_USERS_PAGE = true;

      federation.ENABLED = true;
    };
  };

  systemd.tmpfiles.rules = [
    "L+ ${cfg.stateDir}/custom/templates - - - - ${./forgejo-templates}"
  ];

  users.users.${cfg.user} = {
    home = cfg.stateDir;
    useDefaultShell = true;
    group = cfg.group;
    isSystemUser = true;
  };
  users.groups.${cfg.group} = {};

  services.openssh.enable = true;
  services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
}