{ config, lib, pkgs, ... }:
let
    fqdn = "gitea.${config.networking.hostName}.${config.networking.domain}";
in {
  environment.systemPackages = [ pkgs.tea ];
  services.gitea = {
    enable = true;
    domain = "${fqdn}";
    rootUrl = if config.security.acme.acceptTerms then "https://${fqdn}" else "http://${fqdn}";
    httpAddress = "127.0.0.1";
    disableRegistration = true;
    settings = {
      server = {
        SSH_DOMAIN = "${fqdn}";
        LANDING_PAGE = "explore";
      };
      ui = {
        DEFAULT_THEME = "arc-green";
      };
      U2F = {
        APP_ID = if config.security.acme.acceptTerms then "https://${fqdn}" else "http://${fqdn}";
        TRUSTED_FACETS = if config.security.acme.acceptTerms then "https://${fqdn}" else "http://${fqdn}";
      };
    };
  };
  helpers.webservices."${fqdn}" = {
    port = config.services.gitea.httpPort;
    auth = false;
  };
}