{ config, lib, ... }:

with lib;

mkIf (elem "gitea" config.machine.services) {
  services = {
    gitea = let
      cfg = config.machine;
      domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
    in {
      enable = true;
      user = "git";
      cookieSecure = true;
      domain = domain;
      rootUrl = "http://${domain}/";
      database = {
        type = "mysql";
        user = "git";
        name = "gitea";
        passwordFile = "${cfg.secretPath}/gitea_db";
      };
      settings = {
        repository = {
          DISABLE_HTTP_GIT = false;
          USE_COMPAT_SSH_URI = true;
        };

        security = {
          INSTALL_LOCK = true;
          COOKIE_USERNAME = "gitea_username";
          COOKIE_REMEMBER_NAME = "gitea_userauth";
        };

        service = {
          DISABLE_REGISTRATION = (lib.mkForce true);
       };
      };
    };

#    mysql = let
#      cfg = config.services.gitea.database;
#    in {
#      ensureDatabases = [ cfg.name ];
#      ensureUsers = [{
#        name = cfg.user;
#        ensurePermissions = {
#          "${cfg.name}.*" = "ALL PRIVILEGES";
#        };
#      }];
#    };
  };

  users.users.git = {
    description = "Gitea Service";
    isNormalUser = true;
    home = config.services.gitea.stateDir;
    createHome = true;
    useDefaultShell = true;
  };
}