{ config, pkgs, lib, ... }:
let cfg = config.my.services.gitea;
in {
  options.my.services.gitea = with lib; {
    enable = mkEnableOption "gitea git server";
    stateDir = mkOption {
      type = types.str;
      example = "/var/lib/gitea";
      description = "gitea base directory";
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.git = {
      description = "Gitea Service";
      home = cfg.stateDir;
      useDefaultShell = true;
      group = "git";
      isSystemUser = true;
    };
    users.groups.git = { };

    services.gitea = {
      enable = true;
      user = "git";
      domain = "git.fcuny.net";
      appName = "git.fcuny.net";
      rootUrl = "https://git.fcuny.net/";
      httpAddress = "127.0.0.1";
      httpPort = 8002;
      log.level = "Error";
      settings = {
        other.SHOW_FOOTER_VERSION = false;
        metrics.ENABLED = true;
        metrics.ENABLED_ISSUE_BY_REPOSITORY = true;
      };
      dump.enable = false;
      database = {
        type = "sqlite3";
        user = "git";
      };
    };

    services.nginx.virtualHosts."git.fcuny.net" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8002";
        proxyWebsockets = true;
      };
    };

    services.prometheus.scrapeConfigs = [{
      job_name = "gitea";
      metrics_path = "/metrics";
      scheme = "https";
      scrape_interval = "30s";
      static_configs = [{ targets = [ "git.fcuny.net" ]; }];
    }];

    my.services.backup = { paths = [ cfg.stateDir ]; };
  };
}