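# NixOS module: a Gitea instance bound to loopback and published through an
# nginx TLS virtual host, with a Prometheus scrape job and a backup of the
# state directory.
{ config, pkgs, lib, ... }:
let
  cfg = config.my.services.gitea;

  # robots.txt served by nginx asking every crawler to stay out. Each
  # directive must be on its own line to be parsed. The file is advisory
  # only and is not an access control.
  robots-deny = pkgs.writeText "robots.txt" ''
    User-agent: *
    Disallow: /
  '';
in
{
  options.my.services.gitea = with lib; {
    enable = mkEnableOption "gitea git server";
    stateDir = mkOption {
      type = types.str;
      example = "/var/lib/gitea";
      description = "gitea base directory";
    };
  };

  config = lib.mkIf cfg.enable {
    # Dedicated system account that owns the Gitea process and its state.
    users.users.git = {
      description = "Gitea Service";
      home = cfg.stateDir;
      # NOTE(review): SSH access is disabled in the server settings below, so
      # this account probably does not need a login shell. Confirm before
      # tightening.
      useDefaultShell = true;
      group = "git";
      isSystemUser = true;
    };
    users.groups.git = { };

    services.gitea = {
      enable = true;
      user = "git";
      # Keep the service's state where the account's home and the backup job
      # already point. Without this, gitea uses the module default and a
      # non-default cfg.stateDir would back up a directory gitea never writes.
      stateDir = cfg.stateDir;
      domain = "git.fcuny.net";
      appName = "git.fcuny.net";
      rootUrl = "https://git.fcuny.net/";
      # Listen on loopback only; nginx below is the sole public entry point.
      httpAddress = "127.0.0.1";
      httpPort = 8002;
      settings = {
        log = { level = "Error"; };
        # NOTE(review): registration and sign-in policy are not set here, so
        # gitea's defaults apply. Confirm that suits a publicly reachable host.
        service = { ENABLE_USER_HEATMAP = false; };
        # Do not advertise the running version in the page footer.
        other = { SHOW_FOOTER_VERSION = false; };
        # NOTE(review): no metrics TOKEN is configured and nginx forwards every
        # path under "/" to gitea, so /metrics (including per-repository issue
        # counts) appears readable by anyone who can reach the public vhost.
        # Consider a token supplied from a secret file rather than the Nix
        # store, or an nginx allow-list on that path, and adjust the scrape
        # job to match.
        metrics = {
          ENABLED = true;
          ENABLED_ISSUE_BY_REPOSITORY = true;
        };
        repository = {
          # Lets a user create a repository simply by pushing to a new path.
          ENABLE_PUSH_CREATE_USER = true;
          DEFAULT_BRANCH = "main";
        };
        # Git is served over HTTPS only; gitea's SSH support is turned off.
        server = { DISABLE_SSH = true; };
      };
      # gitea's own periodic dump is off; presumably the backup of the state
      # directory at the bottom of this module stands in for it.
      dump.enable = false;
      database = {
        type = "sqlite3";
        user = "git";
      };
    };

    # Public TLS front end. Certificates come from ACME and plain HTTP is
    # redirected to HTTPS.
    services.nginx.virtualHosts."git.fcuny.net" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # Must stay in step with httpAddress/httpPort above.
        proxyPass = "http://127.0.0.1:8002";
        proxyWebsockets = true;
      };
      locations."= /robots.txt".alias = robots-deny;
    };

    # Prometheus reaches gitea's metrics through the public HTTPS vhost, not
    # the loopback listener.
    services.prometheus.scrapeConfigs = [{
      job_name = "gitea";
      metrics_path = "/metrics";
      scheme = "https";
      scrape_interval = "30s";
      static_configs = [{ targets = [ "git.fcuny.net" ]; }];
    }];

    # Back up the whole state directory (repositories and the sqlite database).
    my.services.backup = { paths = [ cfg.stateDir ]; };
  };
}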