{ lib, pkgs, config, ... }:
let
  domain = "forge.tiqa.fr";
  srv = config.services.forgejo.settings.server;
in
{
  security.acme = {
    defaults.email = "jalil@arfaoui.net";
    certs = {
      "forge.tiqa.fr" = {};
    };
    acceptTerms = true;
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;

    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
    };
  };

  users.groups.forgejo = {};
  users.users.forgejo = {
    isSystemUser = true;
    useDefaultShell = true;
    group = "forgejo";
    home = config.services.forgejo.stateDir;
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    # Enable support for Git Large File Storage
    lfs.enable = true;
    settings = {
      DEFAULT = {
        APP_NAME = "La Forge de Tiqa";
      };
      server = {
        DOMAIN = domain;
        # You need to specify this to remove the port from URLs in the web UI.
        ROOT_URL = "https://${domain}/";
        HTTP_PORT = 3000;
        LANDING_PAGE = "explore";
      };
      service = {
        DISABLE_REGISTRATION = true;
        ACTIVE_CODE_LIVE_MINUTES = 1440;
        RESET_PASSWD_CODE_LIVE_MINUTES = 1440;
        ENABLE_NOTIFY_MAIL = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
        DEFAULT_USER_IS_RESTRICTED = true;
        DEFAULT_USER_VISIBILITY = "private";
        DEFAULT_ORG_VISIBILITY = "private";
      };
      "service.explore" = {
        DISABLE_USERS_PAGE = true;
      };
      # Add support for actions, based on act: https://github.com/nektos/act
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
      "ui.meta" = {
        AUTHOR = "Jalil Arfaoui";
        DESCRIPTION = "La Forge de Jalil Arfaoui";
      };
      # Sending emails is completely optional
      # You can send a test email from the web UI at:
      # Profile Picture > Site Administration > Configuration >  Mailer Configuration
      mailer = {
        ENABLED = true;
        SMTP_ADDR = "smtp.gmail.com";
        FROM = "jalil@arfaoui.net";
        USER = "jalil@arfaoui.net";
      };
    };
    mailerPasswordFile = config.users.users.forgejo.home + "/forgejoMailerPassword";
  };

#  age.secrets.forgejo-mailer-password = {
#    file = /root/forgejoMailerPassord;
#    mode = "400";
#    owner = "forgejo";
#  };
}