{ stdenv, conf, pkgs, ... }:

{
  services.gitea = {
    enable = true;
    user = "git";
    cookieSecure = true;
    domain = "git.ophanim.de";
    rootUrl = "http://git.ophanim.de/";
    database = {
      type = "mysql";
      user = "git";
      name = "gitea";
      passwordFile = "/secret/gitea";
    };
    extraConfig = ''
      [repository]
      DISABLE_HTTP_GIT = false
      USE_COMPAT_SSH_URI = true

      [security]
      INSTALL_LOCK = true
      COOKIE_USERNAME = gitea_username
      COOKIE_REMEMBER_NAME = gitea_userauth

      [service]
      DISABLE_REGISTRATION = true
    '';
  };

  users.users.git = {
    isNormalUser = true;
    home = "/var/lib/gitea";
    createHome = true;
  };
}