{
  config,
  service_configs,
  username,
  ...
}:
{
  services.gitea = {
    enable = true;
    appName = "Simon Gardling's Gitea instance";
    stateDir = service_configs.gitea.dir;
    database = {
      type = "postgres";
      socket = service_configs.postgres.socket;
    };

    settings = {
      server = {
        DOMAIN = service_configs.gitea.domain;
        ROOT_URL = "https://" + config.services.gitea.settings.server.DOMAIN;
        HTTP_PORT = 3281;
        LANDING_PAGE = "/explore/repos";
      };
      session = {
        # https cookies or smth
        COOKIE_SECURE = true;
      };
      # only I shall use gitea
      service.DISABLE_REGISTRATION = true;
    };
  };

  services.postgresql = {
    ensureDatabases = [ config.services.gitea.user ];
    ensureUsers = [
      {
        name = config.services.gitea.database.user;
        ensureDBOwnership = true;
        ensureClauses.login = true;
      }
    ];
  };

  
  users.users.${username}.extraGroups = [
      config.services.gitea.group
    ];
}