{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  name = "gitea";
  cfg = config.${namespace}.services.${name};
  rootUrl = "https://gitea.${namespace}.dev/";
  mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
  metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;

  giteaConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "Gitea";
    options = { };
    moduleConfig = {
      services.gitea = {
        enable = true;
        stateDir = "${cfg.configDir}/gitea";
        user = "nix-apps";
        group = "jallen-nas";
        mailerPasswordFile = mailerPasswordFile;
        metricsTokenFile = metricsTokenFile;
        settings = {
          server = {
            DOMAIN = "jallen-nas";
            HTTP_ADDR = cfg.listenAddress;
            HTTP_PORT = cfg.port;
            PROTOCOL = "http";
            ROOT_URL = rootUrl;
            START_SSH_SERVER = true;
            SSH_PORT = 2222;
          };
          service = {
            REGISTER_EMAIL_CONFIRM = false;
            ENABLE_CAPTCHA = false;
            DISABLE_REGISTRATION = true;
            ENABLE_OPENID_SIGNIN = false;
            ENABLE_LDAP_SIGNIN = false;
            ENABLE_SSH_SIGNIN = true;
            ENABLE_BUILTIN_SSH_SERVER = true;
            ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
          };
        };
      };
    };
  };
in
{
  imports = [ giteaConfig ];
}