{config, pkgs, ... }: 
let utils = import ./utils.nix; in
{
  services.nginx.virtualHosts."git.antoinevaure.fr" = (utils.reverseProxy config.services.forgejo.settings.server.HTTP_PORT);

  services.fail2ban.jails.forgejo = {
    enabled = true;
    filter = "forgejo";
  };

  services.forgejo = {
    enable = true;
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.antoinevaure.fr";
        ROOT_URL = "https://git.antoinevaure.fr/"; 
        HTTP_PORT = 3000;
      };
      # You can temporarily allow registration to create an admin user.
      service.DISABLE_REGISTRATION = true; 
      # Add support for actions, based on act: https://github.com/nektos/act
      actions = {
        ENABLED = true;
        # DEFAULT_ACTIONS_URL = "github";
      };

      repository = {
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
      };
      # Sending emails is completely optional
      # You can send a test email from the web UI at:
      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
      # mailer = {
      #   ENABLED = true;
      #   SMTP_ADDR = "mail.example.com";
      #   FROM = "noreply@${srv.DOMAIN}";
      #   USER = "noreply@${srv.DOMAIN}";
      # };
    };
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.antoinevaure.fr";
      # Obtaining the path to the runner token file may differ
      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
      tokenFile = /root/forgejo_runner_token;
      labels = [
        "native:host"
      ];
      hostPackages = with pkgs; [ bash coreutils gitMinimal config.nix.package ];
    };
  };
}