{
  config,
  pkgs,
  lib,
  ...
}: let
  host = "127.0.0.1";
  port = 6969;
in {
  services.forgejo = {
    enable = true;

    lfs.enable = true;
    database.type = "postgres";

    settings = {
      DEFAULT = {
        APP_NAME = "An idiot admires complexity. A genius admires simplicity";
      };

      server = {
        DOMAIN = "git.spoodythe.one";
        HTTP_PORT = port;
        ROOT_URL = "http://${host}:${toString port}";
      };

      service.DISABLE_REGISTRATION = true;
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
      federation.ENABLED = false;
    };
  };

  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [80 443];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts."git.spoodythe.one" = {
      addSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://${host}:${toString port}";
      };
    };
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "snorre@altschul.dk";
}