{ config, pkgs, lib, ... }:

{
  imports = [ ./flowback-options.nix ];

  services.nginx.enable = true;

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "new.fadi.b@gmail.com";

  services.forgejo = {
    enable = true;
    settings = {
      server = {
        DOMAIN = config.services.flowback.forgejoHost;
        ROOT_URL = "https://${config.services.flowback.forgejoHost}/";
        HTTP_PORT = 3000;
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
    };
    # Database defaults are okay to start; you can move to Postgres if desired
  };

  services.nginx.virtualHosts.${config.services.flowback.forgejoHost} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:3000";
      proxyWebsockets = true;
    };
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
}