{ pkgs, ... }:
let gitea = {
      host = "10.10.0.1";
      local = "10.10.0.2";
    };
    secrets = import ./secrets/secrets.nix;
in
{
  # [CONTAINERS]
  containers.gitea = {
    autoStart = true;
    ephemeral = true;
    privateNetwork = true;
    hostAddress  = gitea.host;
    localAddress = gitea.local;
    config = ./guests/gitea.nix;
  };

  # [NGINX]
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "localhost" = {
        locations."/".proxyPass = "http://${gitea.local}:3001";
      };
    };
  };

  # [NETWORK]
  networking.firewall.allowedTCPPorts = [ 80 ];
  networking.firewall.allowedUDPPorts = [ ];

  # VM test user
  users.users.admin.isSystemUser = true ;
  users.users.admin.hashedPassword = builtins.readFile ./secrets/admin_password;
  users.users.admin.group = "admin";
  users.groups.admin = {};


  system.stateVersion = "23.11";

}