# NixOS module: a Gitea instance backed by an externally managed PostgreSQL
# database and MinIO object storage, with secret files supplied through sops.
{ config, lib, pkgs, ... }:
let
  # Gitea state directory, passed to services.gitea.stateDir below.
  giteaStateDir = "/ZFS/ZFS-primary/gitea";

  # Port of Gitea's web listener; the same value is opened in the firewall.
  httpPort = 6443;

  # Units that gitea.service both requires and is ordered after.
  dockerUnits = [ "docker.service" ];

  # Shared by the [log] and [log.console-warn] sections.
  # NOTE(review): Trace is Gitea's most verbose level and ENABLE_SSH_LOG adds
  # SSH server output. Treat the resulting logs as sensitive (restrict read
  # access, bound retention), or lower the level once debugging is finished.
  traceLogging = {
    LEVEL = "Trace";
    ENABLE_SSH_LOG = true;
  };
in
{
  services.gitea = {
    enable = true;
    appName = "Nayeonie's Trove";
    stateDir = giteaStateDir;
    lfs.enable = true;
    recommendedDefaults = true;

    database = {
      type = "postgres";
      host = "127.0.0.1";
      port = 5433;
      name = "giteadb";
      # The module does not provision the database; it must already exist at
      # host:port. Presumably it runs in a container, given the docker.service
      # dependency below — confirm.
      createDatabase = false;
      # Referenced by path to the sops-managed secret, so the password itself
      # does not appear in this file.
      passwordFile = config.sops.secrets."gitea/dbpass".path;
    };

    settings = {
      server = {
        DOMAIN = "nayeonie.com";
        ROOT_URL = "https://nayeonie.com/";
        HTTP_PORT = httpPort;
        # SSH_PORT is the port shown in clone URLs; SSH_LISTEN_PORT is the
        # port the built-in SSH server binds to. Neither is opened in the
        # firewall by this file, so a forward from 2222 to 2223 is presumably
        # configured elsewhere — confirm.
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 2223;
        START_SSH_SERVER = true;
        # NOTE(review): "auto" lets Gitea derive its public URL from request
        # headers. Confirm the fronting proxy overwrites Host and
        # X-Forwarded-* rather than passing client-supplied values through.
        PUBLIC_URL_DETECTION = "auto";
      };

      repository = {
        # Users may create a repository by pushing to a path that does not
        # exist yet.
        ENABLE_PUSH_CREATE_USER = true;
        DEFAULT_MERGE_STYLE = "rebase-merge";
      };

      # Self-service sign-up is off; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;

      log = traceLogging;
      "log.console-warn" = traceLogging;

      # NOTE(review): these lowercase keys do not match the [cache] keys
      # documented upstream (ADAPTER, HOST, ITEM_TTL); verify in the generated
      # app.ini that this section has the intended effect.
      cache = {
        enabled = true;
        dir = "";
        host = "192.168.76.2";
        port = "8088";
      };

      "storage.minio" = {
        STORAGE_TYPE = "minio";
        MINIO_ENDPOINT = "minio.nayeonie.com";
        MINIO_BUCKET = "gitea";
        MINIO_LOCATION = "us-east-1";
        MINIO_BUCKET_LOOKUP_TYPE = "auto";
        # TLS to the object store with certificate verification left on.
        MINIO_USE_SSL = true;
        MINIO_INSECURE_SKIP_VERIFY = false;
        # NOTE(review): no MINIO_ACCESS_KEY_ID / MINIO_SECRET_ACCESS_KEY is set
        # here, and the "gitea/minio" secret declared below is not referenced
        # anywhere in this file. Confirm the credentials are injected at
        # runtime from that secret rather than written into the Nix store.
      };
    };
  };

  systemd.services.gitea = {
    requires = dockerUnits;
    after = dockerUnits;
  };

  # NOTE(review): ROOT_URL is https but server.PROTOCOL is not set in this
  # file, so unless it is set elsewhere this port serves plain HTTP. Opening it
  # makes the backend reachable without going through the TLS-terminating
  # proxy; confirm that is intended, or restrict the listener/firewall rule to
  # the proxy.
  networking.firewall.allowedTCPPorts = [ httpPort ];

  # Secret files are owned by the gitea user so the service can read them.
  sops.secrets."gitea/dbpass".owner = "gitea";
  sops.secrets."gitea/minio".owner = "gitea";
}