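# NixOS module: Gitea for git.vitrial.xyz, published through an nginx virtual
# host that obtains an ACME certificate and forces HTTPS.
{ config, ... }:
{
  # Disabled: sops-nix import, pinned by commit id and tarball hash.
  #imports = let
  #  # replace this with an actual commit id or tag
  #  commit = "298b235f664f925b433614dc33380f0662adfc3f";
  #in [
  #  "${builtins.fetchTarball {
  #    url = "https://github.com/Mic92/sops-nix/archive/${commit}.tar.gz";
  #    # replace this with an actual hash
  #    sha256 = "004949033dprls9qg849yks2rbjdlf5hr2v8pk890gyxaffj2m1c";
  #  }}/modules/sops"
  #];
  #sops.age.keyFile = "/secrets/age/keys.txt";

  # Raised request-body limit so large pushes and LFS uploads pass the proxy.
  services.nginx.clientMaxBodySize = "512m";

  # Public entry point: TLS terminates here, then requests go to Gitea on
  # local port 3000.
  services.nginx.virtualHosts."git.vitrial.xyz" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:3000/";
    };
  };

  # Disabled: earlier Gitea + PostgreSQL setup with a sops-managed DB password.
  #sops.secrets."postgres/gitea_dbpass" = {
  #  sopsFile = ../.secrets/postgres.yaml; # bring your own password file
  #  owner = config.services.gitea.user;
  #};
  #services.gitea = {
  #  enable = true;
  #  appName = "My awesome Gitea server"; # Give the site a name
  #  database = {
  #    type = "postgres";
  #    passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
  #  };
  #  domain = "gitea.vitrial.xyz";
  #  rootUrl = "http://gitea.vitrial.xyz/";
  #  httpPort = 3001;
  #};
  #services.postgresql = {
  #  ensureDatabases = [ config.services.gitea.user ];
  #  ensureUsers = [
  #    {
  #      name = config.services.gitea.database.user;
  #      ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
  #    }
  #  ];
  #};

  services.gitea = {
    enable = true;
    lfs.enable = true;
    stateDir = "/mnt/gitea";
    useWizard = false; # broken
    group = "data";
    settings = {
      server = {
        HTTP_PORT = 3000;
        # ROOT_URL must be the address users actually reach. The vhost above
        # forces HTTPS on the default port, so the previous value
        # "http://git.vitrial.xyz:3000/" made Gitea emit plaintext links and
        # clone URLs that bypass the TLS proxy.
        ROOT_URL = "https://git.vitrial.xyz/";
        DOMAIN = "git.vitrial.xyz";
        SSH_DOMAIN = "git.vitrial.xyz";
        # NOTE(review): HTTP_ADDR is not set, so Gitea uses its default listen
        # address. If that is not loopback, port 3000 serves plain HTTP
        # alongside the proxy. Confirm the firewall keeps 3000 closed, or set
        # HTTP_ADDR = "127.0.0.1" once nothing else needs direct access.
      };
      service = {
        # No self-service sign-up; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
      };
      actions = {
        ENABLED = true;
        # NOTE(review): confirm MAX_SIZE is a key Gitea reads in [actions].
        MAX_SIZE = 65536;
      };
    };
  };
}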