{ pkgs, lib, ... }: 
{
  name = "gitea";
  config = {
    services.gitea = {
      enable = true;
      appName = "My awesome Gitea server"; # Give the site a name
      user = "git";
      database = {
        type = "postgres";
        host = "postgres.containers";
        port = 3306;
        name = "gitea";
        user = "gitea";
        createDatabase = false;
        passwordFile = ../secrets/gitea_postgres_pass;
      };
      settings.server = {
        DOMAIN = "localhost";
        ROOT_URL = "http://localhost/";
        HTTP_PORT = 3001;
      };
      settings.actions = {
        ENABLED = true;
      };
    };

    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    users.users.git = {
      home = "/var/lib/gitea";
      group = "git";
      shell = pkgs.bashInteractive;
      isSystemUser = true;
    };

    users.groups.git = {};
  };
  ports = {
    tcp = [ 3001 22 ];
    udp = [];
    http = 3001;
    forward = [ { container = 22; host = 22; proto = "tcp"; } ];
  };
  hosts = [ "githug.xyz" ];
  volumes = [{
    name = "gitea-statedir";
    mountPoint = "/var/lib/gitea";
  }];
}