{ pkgs, pkgsUnstable, ... }: 
{
  services.gitea = {
    enable = true;
    package = pkgsUnstable.forgejo;
    repositoryRoot = "/forgejo/repos";
    appName = "Katzenschmiede";
    database = {
      type = "postgres";
    };
    settings = {
      openid = {
        ENABLE_OPENID_SIGNIN = true;
      };
      federation = {
        ENABLED = true;
      };
      server = {
        ROOT_URL = "https://forge.katzen.cafe/";
        HTTP_PORT = 8082;
        DOMAIN = "forge.katzen.cafe";
      };
      service = {
        REGISTER_MANUAL_CONFIRM = true;
        SHOW_REGISTRATION_BUTTON = false;
      };
      actions = {
        ENABLED = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "forge@noreply.katzen.cafe";
        MAILER_TYPE = "smtp";
        SMTP_ADDR = "mail.katzen.cafe";
        SMTP_PORT = 465;
        IS_TLS_ENABLED = true;
        USER = "forge@noreply.katzen.cafe";
      };
    };
    mailerPasswordFile = "/forgejo/secret/mailerPassword";
  };
  deployment.keys = {
    "forgejoDbPw" = {
      keyCommand = [ "cat" "/home/jade/keys-tmp/forgejo-db-pw" ];
      destDir = "/forgejo/secret/";
      permissions = "0604";
    };
    "mailerPassword" = {
      keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mailer-pw-forgejo" ];
      destDir = "/forgejo/secret/";
      permissions = "0604";
    };
  };
}