{ pkgs, pkgsUnstable, ... }: 
{
  services.gitea = {
    enable = true;
    package = pkgsUnstable.forgejo;
    repositoryRoot = "/forgejo/repos";
    appName = "Katzenschmiede";
    database = {
      type = "postgres";
    };
    settings = {
      openid = {
        ENABLE_OPENID_SIGNIN = true;
      };
      federation = {
        ENABLED = true;
      };
      server = {
        ROOT_URL = "https://forge.katzen.cafe/";
        HTTP_PORT = 8082;
        DOMAIN = "forge.katzen.cafe";
        START_SSH_SERVER = true;
        SSH_PORT = 2222;
      };
      service = {
        REGISTER_MANUAL_CONFIRM = true;
        SHOW_REGISTRATION_BUTTON = false;
      };
      actions = {
        ENABLED = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "noreply@katzen.cafe";
        PROTOCOL = "smtps";
        SMTP_ADDR = "mail.katzen.cafe";
        SMTP_PORT = 465;
        USER = "noreply@katzen.cafe";
      };
    };
    mailerPasswordFile = "/var/lib/secrets/noreply-mail-pw-plain";
  };
  deployment.keys = {
    "noreply-mail-pw-plain" = {
      keyCommand = [ "pass" "mailpws/plain/noreply" ];
      destDir = "/var/lib/secrets";
      permissions = "0604";
    };
  };
}