# NixOS module: nginx reverse-proxy and firewall wiring for a Forgejo host.
#
# Setting `permafrost.forgejo.enable` does three things, all visible below:
#   * turns on `permafrost.nginx` (as an overridable default),
#   * declares an nginx virtual host that forwards to a local HTTP backend,
#   * adds one TCP port to the host firewall's allow-list.
# Nothing in this file starts Forgejo itself; the backend on port 3032 is
# presumably provided by another module or a container — confirm.
{ lib, config, ... }:

let
  inherit (lib) mkDefault mkEnableOption mkIf;

  # Public hostname, used for the certificate request and the virtual host.
  domain = "git.zynh.me";

  forgejo = config.permafrost.forgejo;
  acmeEnabled = config.permafrost.acme.enable;
in
{
  options.permafrost.forgejo.enable = mkEnableOption "forgejo nixos module";

  config = mkIf forgejo.enable {
    permafrost = {
      # mkDefault so another module can still switch nginx off explicitly.
      nginx.enable = mkDefault true;

      # Only request a certificate for the domain when ACME is in use.
      acme.certDomains = mkIf acmeEnabled [ domain ];
    };

    services.nginx.virtualHosts.${domain} = {
      serverName = domain;

      # HTTPS redirect and certificate are set only when ACME is enabled.
      # NOTE(review): with ACME disabled neither option is defined here, so
      # the vhost presumably serves plain HTTP and git credentials / session
      # cookies would travel unencrypted — confirm TLS is terminated
      # elsewhere in that configuration.
      forceSSL = mkIf acmeEnabled true;
      useACMEHost = mkIf acmeEnabled "permafrost";

      # Everything under "/" is forwarded to the local backend over HTTP.
      # NOTE(review): `localhost` may resolve to 127.0.0.1 or ::1; verify the
      # backend listens on the address nginx ends up using, and that port
      # 3032 is bound to loopback only so the proxy cannot be bypassed.
      locations."/".proxyPass = "http://localhost:3032";
    };

    # Adds 2221/tcp to the firewall's allowed ports; no interface restriction
    # is applied in this file. The original comment labels it the SSH port —
    # presumably the Forgejo git-over-SSH listener; confirm what is bound
    # there before exposing it.
    networking.firewall.allowedTCPPorts = [ 2221 ];
  };
}