{
  config,
  lib,
  pkgs,
  ...
}:
{
  healthchecks.http.forgejjo = {
    url = "http://git.chungus.private/explore/repos";
    expectedContent = "nixinate";
  };

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "git.chungus.private" = {
        extraConfig = ''
          allow ${config.tinc.private.subnet};
          deny all;
        '';
        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
        };
      };
    };
  };

  services.forgejo = {
    enable = true;
    stateDir = "/srv/forgejo";
    settings = {
      DEFAULT.APP_NAME = "git.chungus.private";
      server.ROOT_URL = "http://git.chungus.private/";
      server.DOMAIN = "git.chungus.private";
      service.DISABLE_REGISTRATION = false;
      session.COOKIE_SECURE = false;
      log.LEVEL = "Warn";
      other = {
        SHOW_FOOTER_VERSION = false;
      };
    };
  };

}