{ config, pkgs, ... }:
{
  services.gitea = rec {
    enable = true;
    stateDir = "/srv/git.gebner.org";
    appName = "Gabriel Ebner's git server";
    domain = "git.gebner.org";
    rootUrl = "https://git.gebner.org/";
    httpPort = 8001;
    cookieSecure = true;
    log.level = "Info";
    disableRegistration = true;
    settings = {
      picture = {
        DISABLE_GRAVATAR = "false";
        AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
      };
    };
  };

  environment.systemPackages = [
    (let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
      exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
        env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
    '')
  ];

  services.nginx = {
    recommendedProxySettings = true;
    virtualHosts."git.gebner.org" = {
      forceSSL = true;
      useACMEHost = "gebner.org";
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
        extraConfig = ''
          proxy_buffering off;
          client_max_body_size 256M;
        '';
      };
    };
  };
}