{
  config,
  lib,
  ...
}:
let
  inherit (config.machine.forgejo)
    enable
    database
    domain
    port
    ;
in
{
  environment.systemPackages = lib.optionals enable [
    config.services.forgejo.package
  ];

  services.openssh.settings.AllowUsers = [
    "forgejo"
  ];

  services.forgejo = {
    inherit enable;
    database = {
      type = "postgres";
      inherit (database) host;
      inherit (database) port;
    };
    lfs.enable = true;
    settings = {
      DEFAULT = {
        APP_NAME = "RuJect Forgejo";
      };
      server = {
        DOMAIN = if (domain != null) then domain else "[::1]";
        ROOT_URL = if (domain != null) then "https://${domain}/" else "http://[::1]/";
        HTTP_PORT = port;
      };
      service = {
        SHOW_REGISTRATION_BUTTON = true;
        REGISTER_EMAIL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
      };
      "repository.signing" = {
        DEFAULT_TRUST_MODEL = "committer";
      };
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
      picture = {
        AVATAR_MAX_FILE_SIZE = 10485760;
        AVATAR_MAX_WIDTH = 8192;
        AVATAR_MAX_HEIGHT = 8192;
        AVATAR_MAX_ORIGIN_SIZE = 5242880;
      };
      ui = {
        DEFAULT_THEME = "catppuccin-mocha";
        THEMES = "forgejo-auto,forgejo-light,forgejo-dark,catppuccin-mocha";
      };
    };
  };
}