{
  config,
  pkgs,
  ...
}: {
  age.secrets = {
    sendmail_email_key_gitea = {
      file = ../../secrets/sendmail_email_key_gitea.age;
      owner = "gitea";
      group = "gitea";
    };

	gitea_actions_runner_token = {
	  file = ../../secrets/gitea_actions_runner_token.age;
	};
  };

  services.gitea-actions-runner = {
    instances = {
      primary = {
        enable = true;
        name = "actions-runner";
        url = config.services.gitea.settings.server.ROOT_URL;
		tokenFile = config.age.secrets.gitea_actions_runner_token.path;
		labels = [
		  "ubuntu-latest:docker://node:16-bullseye"
		];
      };
    };
  };

  services.gitea = {
    enable = true;
    appName = "The Broccoli Patch";
    database = {
      type = "sqlite3";
    };
    dump = {
      enable = true;
      type = "tar.zst";
      file = "gitea.zip";
      backupDir = "/var/backup";
      interval = "01:30";
    };
    settings = {
      server = {
        ROOT_URL = "https://git.broccoli.town/";
        HTTP_PORT = 3030;
        DOMAIN = "git.broccoli.town";
      };
      service = {
        REGISTER_EMAIL_CONFIRM = true;
        DISABLE_REGISTRATION = true;
      };
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "gitea@broccoli.town";
        PROTOCOL = "smtp";
        SMTP_ADDR = "smtp.sendgrid.net";
        SMTP_PORT = 465;
        IS_TLS_ENABLED = true;
        USER = "apikey";
      };
	  actions = {
		ENABLED = true;
	  };
    };
    mailerPasswordFile = config.age.secrets.sendmail_email_key_gitea.path;
  };
}