{ container, pkgs, config, lib, ... }: with lib; let
	cfg = config.container.module.git;
in {
	options = {
		container.module.git = {
			enable = mkEnableOption "Git server.";
			address = mkOption {
				default = "10.1.0.8";
				type    = types.str;
			};
			port = mkOption {
				default = 3000;
				type    = types.int;
			};
			portSsh = mkOption {
				default = 22144;
				type    = types.int;
			};
			domain = mkOption {
				default = "git.${config.container.domain}";
				type    = types.str;
			};
			storage = mkOption {
				default = "${config.container.storage}/git";
				type    = types.str;
			};
		};
	};

	config = mkIf cfg.enable {
		systemd.tmpfiles.rules = container.mkContainerDir cfg [
			"data"
		];

		containers.git = container.mkContainer cfg {
			bindMounts = {
				"/var/lib/forgejo" = {
					hostPath   = "${cfg.storage}/data";
					isReadOnly = false;
				};
			};

			config = { ... }: container.mkContainerConfig cfg {
				environment.systemPackages = with pkgs; [ forgejo ];

				services.forgejo = {
					enable = true;
					stateDir = "/var/lib/forgejo";

					database = let
						postgre = config.container.module.postgres;
					in {
						type = "postgres";
						host = postgre.address;
						port = postgre.port;
						user = "forgejo";
						name = "forgejo";
						createDatabase = false;
					};

					settings = let
						gcArgs    = "--aggressive --no-cruft --prune=now";
						gcTimeout = 600;
					in {
						"service".DISABLE_REGISTRATION = true;
						"log".LEVEL = "Error";
						"server" = {
							DOMAIN    = cfg.domain;
							HTTP_ADDR = cfg.address;
							ROOT_URL  = "https://${cfg.domain}";

							BUILTIN_SSH_SERVER_USER = "git";
							DISABLE_SSH             = false;
							SSH_PORT                = cfg.portSsh;
							START_SSH_SERVER        = true;
						};
						"ui" = {
							AMBIGUOUS_UNICODE_DETECTION = false;
						};
						"repository" = {
							DEFAULT_PRIVATE = "private";
							DEFAULT_PUSH_CREATE_PRIVATE = true;
						};
						"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
						"repository.issue".MAX_PINNED = 99999;
						"cron" = {
							ENABLED      = true;
							RUN_AT_START = true;
						};
						"repo-archive".ENABLED = false;
						"cron.update_mirrors".SCHEDULE = "@midnight";
						"cron.cleanup_actions".ENABLED = true;
						"cron.git_gc_repos" = {
							ENABLED  = true;
							SCHEDULE = "@midnight";
							TIMEOUT  = gcTimeout;
							ARGS     = gcArgs;
						};
						"git" = {
							GC_ARGS = gcArgs;
						};
						"git.timeout".GC = gcTimeout;
					};
				};
			};
		};
	};
}