{
  lib,
  config,
  ...
}: let
  const = import ./const.nix;
  httpPort = const.httpPort;
  sshPort = const.sshPort;
  db_user = "forgejo";
in {
  imports = [
    ./proxy.nix
    ./database.nix
    ./fail2ban.nix
    ./impermanence.nix
  ];

  config = lib.mkIf config.services.forgejo.enable {
    assertions = [
      {
        assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name;
        message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name";
      }
    ];

    services.forgejo = {
      database = {
        type = "postgres";
        socket = "/run/postgresql";
      };
      lfs.enable = true;
      settings = {
        server = {
          DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
          HTTP_PORT = httpPort;
          START_SSH_SERVER = true;
          SSH_LISTEN_PORT = sshPort;
          SSH_PORT = 22;
          BUILTIN_SSH_SERVER_USER = "git";
          ROOT_URL = "https://git.jan-leila.com";
        };
        service = {
          DISABLE_REGISTRATION = true;
        };
        database = {
          DB_TYPE = "postgres";
          NAME = db_user;
          USER = db_user;
        };
      };
    };
  };
}