{ config, pkgs, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];
  networking.hostName = "gitea";
  system.stateVersion = "21.11";

  environment.systemPackages = with pkgs; [ gnupg unzip ];

  networking.firewall.enable = false;
  networking.firewall.allowedTCPPorts = [ 3000 ];
  services.openssh.permitRootLogin = "no";
  services.openssh.passwordAuthentication = false;

  # The db can only be accessed from the machine anyways
  # so the password is just set to x
  environment.etc.giteaPass = {
    enable = true;
    text = "x";
  };

  services.gitea = {
    enable = true;
    ssh = { clonePort = 4321; };
    lfs.enable = true;

    appName = "Voidcorp Gitea";
    domain = "git.asraphiel.dev";
    rootUrl = "https://git.asraphiel.dev/";
    database = {
      type = "postgres";
      host = "postgres.lxd";
      name = "gitea";
      user = "gitea";
      passwordFile = "/etc/giteaPass";
      createDatabase = false;
    };

    cookieSecure = true;
    disableRegistration = true;
  };
}