{
	config,
	container,
	lib,
	pkgs,
	...
}: let
	cfg = config.container.module.git;
in {
	options.container.module.git = {
		enable = lib.mkEnableOption "the git server.";
		address = lib.mkOption {
			default = "10.1.0.8";
			type    = lib.types.str;
		};
		port = lib.mkOption {
			default = 3000;
			type    = lib.types.int;
		};
		portSsh = lib.mkOption {
			default = 22144;
			type    = lib.types.int;
		};
		domain = lib.mkOption {
			default = "git.${config.container.domain}";
			type    = lib.types.str;
		};
		storage = lib.mkOption {
			default = "${config.container.storage}/git";
			type    = lib.types.str;
		};
	};

	config = lib.mkIf cfg.enable {
		systemd.tmpfiles.rules = container.mkContainerDir cfg [
			"data"
		];

		containers.git = container.mkContainer cfg {
			bindMounts = {
				"/var/lib/forgejo" = {
					hostPath   = "${cfg.storage}/data";
					isReadOnly = false;
				};
			};

			config = { ... }: container.mkContainerConfig cfg {
				environment.systemPackages = with pkgs; [
					forgejo
				];

				services.forgejo = {
					enable = true;
					stateDir = "/var/lib/forgejo";

					database = let
						postgre = config.container.module.postgres;
					in {
						createDatabase = false;
						host = postgre.address;
						name = "forgejo";
						port = postgre.port;
						type = "postgres";
						user = "forgejo";
					};

					settings = let
						gcArgs = "--aggressive --no-cruft --prune=now";
						gcTimeout = 600;
					in {
						"cron.cleanup_actions".ENABLED = true;
						"cron.update_mirrors".SCHEDULE = "@midnight";
						"git".GC_ARGS    = gcArgs;
						"git.timeout".GC = gcTimeout;
						"log".LEVEL = "Error";
						"repo-archive".ENABLED = false;
						"repository.issue".MAX_PINNED = 99999;
						"repository.pull-request".DEFAULT_MERGE_STYLE = "rebase";
						"service".DISABLE_REGISTRATION = true;
						"server" = {
							DOMAIN    = cfg.domain;
							HTTP_ADDR = cfg.address;
							ROOT_URL  = "https://${cfg.domain}";
							BUILTIN_SSH_SERVER_USER = "git";
							DISABLE_SSH             = false;
							SSH_PORT                = cfg.portSsh;
							START_SSH_SERVER        = true;
						};
						"ui" = {
							AMBIGUOUS_UNICODE_DETECTION = false;
						};
						"repository" = {
							DEFAULT_PRIVATE = "private";
							DEFAULT_PUSH_CREATE_PRIVATE = true;
						};
						"cron" = {
							ENABLED      = true;
							RUN_AT_START = true;
						};
						"cron.git_gc_repos" = {
							ENABLED  = true;
							ARGS     = gcArgs;
							SCHEDULE = "@midnight";
							TIMEOUT  = gcTimeout;
						};
					};
				};
			};
		};
	};
}