{
  config,
  lib,
  pkgs,
  ...
}:
let
  base_path = "/ZFS/ZFS-primary/gitea";
in
{
  services.gitea = {
    enable = true;
    appName = "The Hearth";
    database = {
      type = "postgres";
      passwordFile = config.sops.secrets."gitea/dbpass".path;
      createDatabase = false;
      host = "127.0.0.1";
      name = "giteadb";
      port = 5433;
    };
    settings = {
      server = {
        DOMAIN = "nayeonie.com";
        ROOT_URL = "https://nayeonie.com/";
        HTTP_PORT = 6443;
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 2223;
        START_SSH_SERVER = true;
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
      log = {
        LEVEL = "Trace";
        ENABLE_SSH_LOG = true;
      };
      "log.console-warn" = {
        LEVEL = "Trace";
        ENABLE_SSH_LOG = true;
      };
      cache = {
        enabled = true;
        dir = "";
        host = "192.168.76.2";
        port = "8088";
      };
    };
    stateDir = base_path;
    lfs.enable = true;
    recommendedDefaults = true;
  };

  systemd.services.gitea = {
    requires = [ "docker.service" ];
    after = [ "docker.service" ];
  };

  networking.firewall.allowedTCPPorts = [ 6443 ];

  sops.secrets = {
    "gitea/dbpass".owner = "gitea";
  };
}