{ lib, ... }:

let
  domain = "git.giugl.io";
  network = import ./network.nix;
in {
  services.gitea = {
    enable = true;
    database.type = "sqlite3";
    domain = domain;
    appName = "Gitea";
    rootUrl = "https://${domain}";
    ssh.clonePort = 22;
    settings.server.LFS_START_SERVER = true;
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:3000";
      extraConfig = ''
        allow 127.0.0.1;
        allow 10.0.0.0/24;
        ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
        allow 10.4.0.0/24;
        deny all;
      '';
    };
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
  '';

}