{ config, pkgs, lib, ... }:
# Public hostname of the instance; reused below as GitLab's `host` and as
# the name of the nginx virtual host that fronts it.
let domain = "gitlab.space-left.org";
in {

  # GitLab service. Every "path/todo" value below is a placeholder that
  # must be replaced before this configuration is deployed.
  # NOTE(review): these options expect file locations, not secret values.
  # Point them at absolute paths, written as strings, to files provisioned
  # outside the Nix store with restrictive permissions. A Nix path literal
  # or inline secret text would end up in /nix/store, which is
  # world-readable.
  # NOTE(review): the nginx virtual host for this domain forces TLS, but
  # `https` is not set here. Presumably GitLab will then generate http://
  # links and clone URLs - confirm whether `https = true;` and a matching
  # `port` are needed.
  services.gitlab = {
    enable = true;
    host = domain;
    # File holding the password GitLab uses for its database connection.
    databasePasswordFile = "path/todo";
    # File holding the initial password of the GitLab root account.
    # NOTE(review): presumably only applied when the instance is first
    # seeded - confirm, and change the root password after first login.
    initialRootPasswordFile = "path/todo";

    secrets = {
      # Make sure the secret is at least 30 characters and all random,
      # no regular words or you'll be exposed to dictionary attacks.
      # NOTE(review): presumably used to encrypt values stored in the
      # database, so losing or changing it would make them unreadable -
      # confirm and keep a protected backup.
      dbFile = "path/todo";

      # RSA private key in PEM form; generate with: openssl genrsa 2048
      jwsFile = "path/todo";

      # Make sure the secret is at least 30 characters and all random,
      # no regular words or you'll be exposed to dictionary attacks.
      otpFile = "path/todo";

      # Make sure the secret is at least 30 characters and all random,
      # no regular words or you'll be exposed to dictionary attacks.
      secretFile = "path/todo";
    };

    # TODO: decide whether to configure outgoing mail (smtp).

    # TODO: decide whether to set up a gitlab-runner.
  };

  # nginx reverse proxy in front of GitLab: serves the GitLab domain with
  # an ACME-issued certificate, redirects plain HTTP to HTTPS (forceSSL)
  # and forwards every request to the local GitLab backend.
  # NOTE(review): no security.acme options are set in this file. Recent
  # NixOS releases need `security.acme.acceptTerms` and a contact e-mail
  # before certificates are issued - confirm another module sets them.
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    virtualHosts."${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        # NOTE(review): `services.gitlab.port` looks like the port GitLab
        # advertises in generated URLs rather than a listening socket. The
        # NixOS manual's example proxies to the gitlab-workhorse unix
        # socket instead. Confirm that something listens on 127.0.0.1 at
        # this port for the nixpkgs release in use. Note that setting the
        # GitLab port to 443 for HTTPS URLs would also change this target.
        proxyPass = "http://127.0.0.1:${toString config.services.gitlab.port}";
      };
    };
  };

}