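# NixOS module: Gitea behind the Deertopia nginx reverse proxy.
#
# Enabling `sydnix.deertopia.gitea.enable` turns on `services.gitea`, declares
# the `git` system user and group it runs as, registers Gitea's state directory
# with `sydnix.impermanence.directories`, and adds a "git" nginx vhost that
# forwards to the local Gitea HTTP port.
{ config, lib, pkgs, ... }:

let
  cfg = config.sydnix.deertopia.gitea;
in
{
  options.sydnix.deertopia.gitea = {
    enable = lib.mkEnableOption "Gitea";
  };

  config = lib.mkIf cfg.enable {
    # Register Gitea's state directory, owned by the service user and group.
    # Presumably this is what keeps repositories and the database across
    # reboots; confirm against the sydnix.impermanence module.
    sydnix.impermanence.directories = [
      {
        directory = config.services.gitea.stateDir;
        inherit (config.services.gitea) user group;
      }
    ];

    sydnix.deertopia.nginx.vhosts."git" = {
      # NOTE(review): the meaning of `directory = null` is defined by the
      # sydnix.deertopia.nginx module, which is not visible here.
      directory = null;
      vhost = {
        # TLS terminates at nginx: plain HTTP is redirected and the
        # certificate comes from ACME.
        forceSSL = true;
        enableACME = true;
        # The upstream port is read from the Gitea settings so the two cannot
        # drift apart. The proxy hop itself is plain HTTP over loopback.
        # NOTE(review): no proxy_set_header lines are set here. Unless the
        # vhost wrapper adds them, Gitea sees 127.0.0.1 as the client address
        # in its logs; confirm.
        locations."/".extraConfig =
          let
            port = builtins.toString config.services.gitea.settings.server.HTTP_PORT;
          in
          ''
            proxy_pass http://127.0.0.1:${port}/;
          '';
      };
    };

    # Service account Gitea runs as; its home is the Gitea state directory.
    users.users.git = {
      description = "Gitea Service";
      home = config.services.gitea.stateDir;
      useDefaultShell = true;
      group = config.services.gitea.group;
      isSystemUser = true;
    };

    users.groups.git = { };

    # One-off, manual step that registers the LDAP authentication source.
    # Two things to keep in mind when running it:
    #  - `--bind-password` is passed on the command line, so the secret is
    #    visible in the process list and in shell history while it runs.
    #  - `--security-protocol unencrypted` sends the bind password and user
    #    credentials in cleartext; that is only acceptable because `--host` is
    #    127.0.0.1. Switch to LDAPS or StartTLS if the directory moves off this
    #    host.
    # sudo -u git gitea admin auth add-ldap --name gitea --port 3890 --bind-dn 'uid=gitea,ou=people,dc=deertopia,dc=net' --bind-password «password» --user-search-base 'ou=people,dc=deertopia,dc=net' --user-filter '(&(memberof=cn=git,ou=groups,dc=deertopia,dc=net)(|(uid=%[1]s)(mail=%[1]s)))' --username-attribute uid --firstname-attribute givenName --surname-attribute sn --email-attribute mail --avatar-attribute jpegPhoto --security-protocol unencrypted --host 127.0.0.1 --config /var/lib/gitea/custom/conf/app.ini --synchronize-users
    services.gitea = {
      enable = true;
      user = "git";
      group = "git";
      appName = "GupHub"; # Name per my darling Colestar ♥
      settings = {
        server = {
          ROOT_URL = "https://git.deertopia.net/";
          # Listen on loopback only. nginx is the sole intended client and
          # already proxies to 127.0.0.1. Gitea's default of 0.0.0.0 would
          # leave the plain-HTTP port reachable on every interface the
          # firewall permits, bypassing the TLS vhost.
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = 3000;
          # NOTE(review): DOMAIN differs from the ROOT_URL host
          # (git.deertopia.net); confirm this is intended.
          DOMAIN = "deertopia.net";
        };
        service = {
          # No self-service sign-up; accounts come from the LDAP source above.
          DISABLE_REGISTRATION = true;
        };
      };
    };
  };
}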