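# NixOS module: self-hosted Forgejo with LFS and Actions enabled, a
# `forgejo-cli` wrapper for running admin commands as the service user, and an
# admin account bootstrapped at service start from a sops-managed password.
{ config, lib, pkgs, ... }:
let
  # Single handle on the Forgejo options so the wrapper, the secret owner and
  # the preStart hook all follow the configured package/user/group.
  cfg = config.services.forgejo;
  port = 12345;
in
{
  services = {
    forgejo = {
      enable = true;
      lfs.enable = true;
      settings = {
        server = {
          HTTP_PORT = port;
          # NOTE(review): no HTTP_ADDR is set here, so the module/Forgejo
          # default bind address applies (presumably all interfaces; confirm).
          # If the instance is only meant to be reached through a local reverse
          # proxy, bind it to 127.0.0.1 and keep the port closed in the firewall.
        };
        # Self-service sign-up is off; accounts are created by an admin only.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          # Source used to resolve unqualified `uses:` references in workflows.
          # NOTE(review): confirm the Forgejo version in use still accepts the
          # "github" shorthand. Fetched action code executes on the runner, so
          # workflows should pin third-party actions to a commit SHA, not a tag.
          DEFAULT_ACTIONS_URL = "github";
        };
        # NOTE(review): `srv` is not bound anywhere in this file; define it
        # (e.g. from cfg.settings.server) before enabling this block.
        # mailer = {
        #   ENABLED = true;
        #   SMTP_ADDR = "mail.example.com";
        #   FROM = "noreply@${srv.DOMAIN}";
        #   USER = "noreply@${srv.DOMAIN}";
        # };
      };
      # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
    };

    # NOTE(review) before enabling: `port` is an integer, so the interpolation
    # needs `toString port`; and `header_down` rewrites *response* headers sent
    # back to the client. Request headers for the backend are set with
    # `header_up`, and reverse_proxy already passes X-Forwarded-For upstream.
    # caddy.virtualHosts."gt.emenel.ca" = {
    #   serverAliases = [ "www.gt.emenel.ca" ];
    #   extraConfig = ''
    #     reverse_proxy http://localhost:${port} {
    #       header_down X-Real-IP {http.request.remote}
    #       header_down X-Forwarded-For {http.request.remote}
    #     }
    #   '';
    # };

    # gitea-actions-runner = {
    #   package = pkgs.forgejo-actions-runner;
    #   instances.default = {
    #     enable = true;
    #     name = "monolith";
    #     url = "https://git.example.com";
    #     # Obtaining the path to the runner token file may differ
    #     # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd
    #     tokenFile = config.age.secrets.forgejo-runner-token.path;
    #     labels = [
    #       "ubuntu-latest:docker://node:16-bullseye"
    #       "ubuntu-22.04:docker://node:16-bullseye"
    #       "ubuntu-20.04:docker://node:16-bullseye"
    #       "ubuntu-18.04:docker://node:16-buster"
    #       ## optionally provide native execution on the host:
    #       ## NOTE(review): host execution runs workflow code with the runner's
    #       ## own privileges and no container isolation.
    #       # "native:host"
    #     ];
    #   };
    # };
  };

  # `forgejo-cli`: runs the Forgejo binary from the state directory as the
  # service user, re-executing through the setuid sudo wrapper when invoked by
  # anyone else. Only the two GITEA_* variables are preserved across sudo.
  environment.systemPackages =
    let
      forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
        #!${pkgs.runtimeShell}
        cd ${cfg.stateDir}
        sudo=exec
        if [[ "$USER" != ${cfg.user} ]]; then
          sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} -g ${cfg.group} --preserve-env=GITEA_WORK_DIR --preserve-env=GITEA_CUSTOM'
        fi
        # Note that these variable names will change
        export GITEA_WORK_DIR=${cfg.stateDir}
        export GITEA_CUSTOM=${cfg.customDir}
        $sudo ${lib.getExe cfg.package} "$@"
      '';
    in
    [ forgejo-cli ];

  # The admin password file must be readable by the account that runs
  # preStart, so ownership follows the configured service user.
  sops.secrets.forgejo-emenel.owner = cfg.user;

  # Bootstrap the admin account on every service start.
  #
  # Security notes:
  #  * The password is expanded into the argument vector of the `forgejo admin`
  #    process, so for the duration of that command it is visible to local
  #    users who can list processes (restricting /proc visibility limits
  #    this). The secret file itself stays restricted to its owner.
  #  * `|| true` is deliberate: `create` fails once the user exists. It also
  #    hides every other failure (unreadable secret, rejected password), so
  #    check the unit's journal after the first deployment.
  systemd.services.forgejo.preStart =
    let
      # Use the package the service actually runs, not pkgs.forgejo, so the
      # admin command matches the running version when `package` is overridden.
      adminCmd = "${lib.getExe cfg.package} admin user";
      pwd = config.sops.secrets.forgejo-emenel;
      user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
    in
    ''
      ${adminCmd} create --admin --email "matt@emenel.ca" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
      ## uncomment this line to change an admin user which was already created
      # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
    '';
}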