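# NixOS module (exposed as flake.modules.nixos.forgejo) that runs Forgejo with
# a PostgreSQL database, optionally serving the web UI over TLS.
{ self, inputs, ... }:
{
  flake.modules.nixos.forgejo =
    { config, pkgs, lib, ... }:
    let
      cfg = config.forgejo;
    in
    {
      options.forgejo = {
        # mkEnableOption prefixes its text with "Whether to enable ", so the
        # strings below are written as noun phrases.
        enable = lib.mkEnableOption "Forgejo backed with PostgreSQL";

        port = lib.mkOption {
          type = lib.types.port;
          default = 3000;
          description = "TCP port for the Forgejo web interface.";
        };

        # NOTE(review): this defaults to true, so enabling the module also
        # exposes the web port to every network the host is attached to.
        # With `https = false` that listener is plain HTTP, and logins and
        # tokens cross the network unencrypted. Set it to false on hosts
        # that sit behind a reverse proxy or should only be reached locally.
        openFirewall = lib.mkOption {
          type = lib.types.bool;
          default = true;
          description = "Open the Forgejo web interface port in the firewall.";
        };

        # The description used to be a copy of the openFirewall text.
        https = lib.mkEnableOption "serving the Forgejo web interface over HTTPS with the key and certificate from config.mtls";
      };

      config = lib.mkIf cfg.enable {
        networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];

        services.forgejo = {
          enable = true;
          lfs.enable = true;

          settings.server = lib.mkMerge [
            {
              HTTP_PORT = cfg.port;
              # Forgejo's built-in SSH server is switched off; Git is served
              # over the web port only.
              DISABLE_SSH = true;
            }
            (lib.mkIf cfg.https {
              # Hard-coded public URL; it must match the name in the
              # certificate that CERT_FILE points to.
              ROOT_URL = "https://forgejo.john-stream.com";
              PROTOCOL = "https";
              # config.mtls.* is declared outside this module. The forgejo
              # service user has to be able to read both files, and the key
              # should not be readable by anyone else (TODO confirm in the
              # module that defines `mtls`). These two settings only give
              # Forgejo a server certificate; nothing in this module makes
              # Forgejo verify client certificates.
              KEY_FILE = config.mtls.keyFile;
              CERT_FILE = config.mtls.certFile;
            })
          ];

          # COOKIE_SECURE is a [session] setting. It was previously written
          # under [server], where Forgejo does not look for it, so session
          # cookies were issued without the Secure attribute even with HTTPS
          # on (the NixOS module appears to default session.COOKIE_SECURE to
          # false; verify against the nixpkgs release in use).
          # mkIf leaves the option undefined when HTTPS is off, so another
          # module can still set it.
          settings.session.COOKIE_SECURE = lib.mkIf cfg.https true;

          database = {
            type = "postgres";
            port = config.services.postgresql.settings.port;
            # createDatabase = false;
          };

          # dump = {
          #   enable = true;
          #   interval = "12h";
          # };
        };

        services.postgresql = {
          enable = true;
          settings = { };
        };
      };
    };
}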