{ inputs, lib, ... }:
let
  inherit (lib)
    singleton;
in
{
  flake.nixngConfigurations.gitea = inputs.nixng.nglib.makeSystem {
    system = "x86_64-linux";
    name = "nixng-gitea";
    inherit (inputs)
      nixpkgs;
    config =
      { pkgs, ... }:
      {
        dumb-init = {
          enable = true;
          type.services = {};
        };

        services.mysql = {
          enable = true;

          ensureDatabases = singleton "gitea";
          ensureUsers = singleton {
            name = "gitea";
            ensurePermissions = {
              "database.*" = "ALL PRIVILEGES";
            };
          };
        };

        init.services.gitea.shutdownOnExit = true;
        services.gitea = {
          enable = true;

          appName = "Red Alder Gitea";
          runMode = "prod";
          user = "gitea";

          secrets = {
            secretKeyFile = "/secrets/secret_key";
            internalTokenFile = "/secrets/internal_token";
            jwtSecretFile = "/secrets/jwt_secret";
            lfsJwtSecretFile = "/secrets/lfs_jwt_secret";
          };

          configuration = {
            repository = {
              ROOT = "/data/gitea/git/repositories";
            };

            "repository.local" = {
              LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo";
            };

            "repository.upload" = {
              TEMP_PATH = "/data/gitea/gitea/uploads";
            };

            server = {
              APP_DATA_PATH = "/data/gitea";
              SSH_DOMAIN = "localhost";
              HTTP_PORT = 3000;
              ROOT_URL = "https://gitea.redalder.org/";
              DISABLE_SSH = false;
              SSH_PORT = 22;
              SSH_LISTEN_PORT = 22;
              LFS_START_SERVER = true;
              LFS_CONTENT_PATH = "/data/gitea/git/lfs";
              DOMAIN = "localhost";
              LFS_JWT_SECRET = "#lfsJwtSecret#";
              OFFLINE_MODE = false;
            };

            database = {
              DB_TYPE = "mysql";
              HOST = "/run/mysqld/mysqld.sock";
              NAME = "gitea";
              USER = "gitea";
              SCHEMA = "";
              SSL_MODE = "disable";
              CHARSET = "utf8";
            };

            indexer = {
              ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve";
              REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve";
            };
            session = {
              PROVIDER_CONFIG = "/data/gitea/gitea/sessions";
              PROVIDER = "file";
            };

            picture = {
              AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars";
              REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars";
              DISABLE_GRAVATAR = false;
              ENABLE_FEDERATED_AVATAR = true;
            };

            attachment = {
              PATH = "/data/gitea/gitea/attachments";
            };

            security = {
              INSTALL_LOCK = true;
              SECRET_KEY = "#secretKey";
              INTERNAL_TOKEN = "#internalToken#";
            };

            service = {
              DISABLE_REGISTRATION = false;
              REQUIRE_SIGNIN_VIEW = false;
              REGISTER_EMAIL_CONFIRM = false;
              ENABLE_NOTIFY_MAIL = false;
              ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
              ENABLE_CAPTCHA = false;
              DEFAULT_KEEP_EMAIL_PRIVATE = false;
              DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
              DEFAULT_ENABLE_TIMETRACKING = true;
              NO_REPLY_ADDRESS = "noreply.localhost";
            };

            oauth2.JWT_SECRET = "#jwtSecret#";

            mailer.ENABLED = false;

            openid = {
              ENABLE_OPENID_SIGNIN = true;
              ENABLE_OPENID_SIGNUP = true;
            };

            log = {
              MODE = "console";
              LEVEL = "Debug";
            };
          };
        };
      };
  };
}