{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.servers.gitea;
  setup = import ./setup.nix { inherit lib config; };
in
{
  options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
  config.services = {
    sops.secrets = lib.mkIf cfg.enable { gitea.sopsFile = ../../secrets/env.yaml; };
    gitea = lib.mkIf cfg.enable {
      enable = true;
      domain = cfg.host;
      rootUrl = cfg.url;
      settings = {
        session.COOKIE_SECURE = true;
        server.HTTP_PORT = cfg.port;
        mailer = {
          ENABLED = true;
          PROTOCOL = "sendmail";
          FROM = config.my.smtpemail;
          SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
        };
      };
      database = {
        socket = config.my.postgresSocket;
        type = "postgres";
        createDatabase = false;
      };
    };
    gitea-actions-runner.instances.ryujinx = {
      enable = true;
      url = cfg.url;
      name = "${config.networking.hostName}-ryujinx";
      tokenFile = config.sops.secrets.gitea.path;
      labels = [
        "ubuntu-latest:host"
        "ubuntu-20.04:host"
      ];
      hostPackages =
        let
          python3 = pkgs.python3.withPackages (
            ps:
            builtins.attrValues {
              inherit (ps)
                pyyaml
                lxml
                ;
            }
          );
        in
        builtins.attrValues {
          inherit python3;
          inherit (pkgs)
            bash
            coreutils
            curl
            gawk
            gitMinimal
            gnused
            nodejs
            wget
            gnutar
            gzip
            dotnet-sdk_8
            openal
            vulkan-loader
            libGL
            gtk3
            llvm_15
            rcodesign
            gh
            p7zip
            ;
          inherit (pkgs.xorg) libX11;
        };
    };
    nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
  };
}