{
  pkgs,
  configVars,
  lib,
  ...
}: let
  forgejoDomain = configVars.domains.forgejo;
  forgejoPort = configVars.networking.addresses.forgejo.port;
in {

  imports = [./nginx/forgejo.nix];

  environment.persistence."/persist" = {
    hideMounts = true;
    directories = [
      "/var/lib/forgejo"
    ];
  };

  users.groups.git = {
    gid = 1009;
  };

  users.users.git = {
    isNormalUser = true;
    home = "/var/lib/forgejo";
    uid = 1009;
    extraGroups = ["git"];
  };

  services.openssh = {
    authorizedKeysFiles = lib.mkForce [ "/var/lib/forgejo/.ssh/authorized_keys" ];
  };

  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    database.type = "sqlite3";
    lfs.enable = true;
    user = "git";
    group = "git";
    settings = {
      server = {
        RUN_USER = "git";
        DOMAIN = "git.${forgejoDomain}";
        ROOT_URL = "https://git.${forgejoDomain}/";
        HTTP_PORT = forgejoPort;
        SSH_USER = "git";
      };
      service.DISABLE_REGISTRATION = false;
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
    };
  };
}