{
  config,
  lib,
  pkgs,
  ...
}:
let
  base_path = "/ZFS/ZFS-primary/gitea";
in
{
  services.gitea = {
    enable = true;
    appName = "The Hearth";
    database = {
      type = "postgres";
      passwordFile = config.sops.secrets."gitea/dbpass".path;
      createDatabase = false;
      host = "127.0.0.1";
      name = "giteadb";
      port = 5433;
    };
    settings = {
      server = {
        DOMAIN = "git.alicehuston.xyz";
        ROOT_URL = "https://git.alicehuston.xyz/";
        HTTP_PORT = 6443;
        SSH_PORT = 2222;
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
    };
    stateDir = base_path;
    lfs.enable = true;
    recommendedDefaults = true;
  };

  networking.firewall.allowedTCPPorts = [ 6443 ];

  sops.secrets = {
    "gitea/dbpass".owner = "gitea";
  };
}