{ lib, pkgs, config, ... }:

let
	domain = "git.project-a.space";
	ssh_port = 22;
	http_port = 3000;
in {
	services.forgejo = {
		enable = true;
		lfs.enable = true;
		database.type = "postgres";
		settings = {
			server = {
				DOMAIN = domain;
				ROOT_URL = "https://${domain}/";
				START_SSH_SERVER = true;
				SSH_DOMAIN = domain;
				SSH_PORT = ssh_port;
				SSH_LISTEN_PORT = ssh_port;
				SSH_LISTEN_HOST = "0.0.0.0";
				HTTP_PORT = http_port;
			};
			actions = {
				ENABLED = true;
				DEFAULT_ACTIONS_URL = "github";
			};
			federation.ENABLED = true;
			service.DISABLE_REGISTRATION = false;
			ui.SHOW_USER_EMAIL = false;
		};
	};

	systemd.sockets.forgejo = {
		requiredBy = [ "forgejo.service" ];
		wantedBy = [ "sockets.target" ];
		listenStreams = [ (toString ssh_port) ];
	};

	networking.firewall.allowedTCPPorts = [ ssh_port ];
}