{ config, ... }:

let
  domain = "git.glennwso.com";
	# derp = "hi";
in
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "glennpub@proton.me";
      dnsProvider = "cloudflare";
  #     # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
  #     # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
      environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend";
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 443 3000 ];
  services.forgejo = {
    enable = true;
    settings = {
      service = {
        # DISABLE_REGISTRATION = true;
      };
      server = {
        ROOT_URL = "https://${domain}/";
        LANDING_PAGE = "explore";
      };
    };
  };

  services.nginx = {
    enable = true;
    appendHttpConfig = ''
      map $uri $forgejo_access_log {
        default 1;
        /api/actions/runner.v1.RunnerService/FetchTask 0;
      }
    '';
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:3000/";
      # extraConfig = ''
      #   access_log /var/log/nginx/access.log main if=$forgejo_access_log;
      # '';
    };
  };
}