{ config, ... }:
{
  services.nginx.virtualHosts."git.skymath.duckdns.org" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:3001/";
    };
  };

  services.postgresql = {
    ensureDatabases = [ config.services.gitea.user ];
    ensureUsers = [
      {
        name = config.services.gitea.database.user;
        ensureDBOwnership = true;
      }
    ];
  };

  #sops.secrets."postgres/gitea_dbpass" = {
  #  sopsFile = ../.secrets/postgres.yaml; # bring your own password file
  #  owner = config.services.gitea.user;
  #};

  services.gitea = {
    enable = true;
    appName = "Fallingsky04's Gitea Server <3"; # Give the site a name
    database = {
      type = "postgres";
      passwordFile = "/run/keys/gitea-dbpassword"; # config.sops.secrets."postgres/gitea_dbpass".path
    };
    settings.server = {
      DOMAIN = "git.skymath.duckdns.org";
      ROOT_URL = "https://git.skymath.duckdns.org/";
      HTTP_PORT = 3001;
    };
  };
}