# NixOS module for a Gitea instance served at git.giugl.io.
#
# Two things are wired together here: the `architect` reverse-proxy / firewall
# layer (host-specific options, defined outside this file) and the upstream
# `services.gitea` module.
{ config, lib, ... }:

let
  domain = "git.giugl.io";
  # Gitea's own server settings, read back out of `config` so the firewall and
  # vhost stay in sync with whatever ports are declared below.
  serverCfg = config.services.gitea.settings.server;
in
{
  architect = {
    # Open the advertised git-over-ssh port. Gitea's builtin SSH server is not
    # enabled in this file, so presumably the host sshd answers on this port
    # — confirm against the host's openssh configuration.
    firewall.openTCP = [ serverCfg.SSH_PORT ];

    vhost.${domain} = {
      dnsInterfaces = [ "lan" "tailscale" ];
      # Everything under "/" is proxied to Gitea's HTTP listener.
      # NOTE(review): allowWAN makes the web UI reachable from the internet, and
      # nothing here restricts account self-registration; check whether the
      # deployment wants Gitea's `service.DISABLE_REGISTRATION` set.
      locations."/" = {
        port = serverCfg.HTTP_PORT;
        allowWAN = true;
      };
    };
  };

  services.gitea = {
    enable = true;
    appName = "Gitea";
    database.type = "sqlite3";
    # LFS is enabled as a workaround; see
    # https://github.com/NixOS/nixpkgs/issues/235442#issuecomment-1574329453
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = domain;
        # Public URL goes through the TLS-terminating vhost above, not HTTP_PORT.
        ROOT_URL = "https://${domain}";
        HTTP_PORT = 3001;
        SSH_PORT = 22;
      };
      # Allow sign-in via OpenID in addition to local accounts.
      openid.enable_openid_signin = true;
    };
  };
}