{ config, pkgs, ... }:

let inherit (pkgs) dockerTools;
in {
  users = {
    extraUsers.gitea = {
      uid = config.ids.uids.git;
      isSystemUser = true;
      description = "Gitea Service";
      group = config.users.extraGroups.gitea.name;
    };
    extraGroups.gitea = { gid = config.ids.gids.git; };
  };

  virtualisation.pods.gitea = {
    hostname = "gitea.tlater.net";
    publish = [ "3000:3000" "2221:2221" ];
    network = "slirp4netns";

    containers = {
      gitea = {
        image = "gitea/gitea:latest";
        imageFile = dockerTools.pullImage {
          imageName = "gitea/gitea";
          imageDigest =
            "sha256:67ccf27b427ec65fd7378d0999a3d94e9649f1953d2bb115864faa71ce7b9ec2";
          sha256 = "1nmmb14lpvk2161q2gww5hppn2sa9qcq78k04c011szx07afq2jy";
          finalImageName = "gitea/gitea";
          finalImageTag = "latest";
        };
        volumes = [ "gitea:/data:Z" "/etc/localtime:/etc/localtime:ro" ];
        dependsOn = [ "postgres" ];

        environment = {
          DB_TYPE = "postgres";
          DB_HOST = "localhost:5432";
          DB_NAME = "gitea";
          DB_USER = "gitea";

          USER_UID = toString config.users.extraUsers.gitea.uid;
          USER_GID = toString config.users.extraGroups.gitea.gid;

          RUN_MODE = "prod";
          DOMAIN = "gitea.tlater.net";
          SSH_PORT = "2221";
        };
      };

      postgres = {
        image = "postgres:alpine";
        imageFile = dockerTools.pullImage {
          imageName = "postgres";
          imageDigest =
            "sha256:578ca5c8452c08a4e0f5e65b55dce5e1812fe63c8fee40ea837641031598e51e";
          sha256 = "1xqg228a29qn3qmzchg65ykx7g3s2fszwp1zv24wxxy40py0bmwk";
          finalImageName = "postgres";
          finalImageTag = "alpine";
        };
        environment = {
          POSTGRES_DB = "gitea";
          POSTGRES_USER = "gitea";
          POSTGRES_PASSWORD = "insecure";
        };
        volumes = [ "gitea-postgres-14:/var/lib/postgresql/data" ];
      };
    };
  };
}