{ config, lib, pkgs, ... }:
let

  errorPages = pkgs.fetchgit {
    url = "https://git.ingolf-wagner.de/palo/http-errors.git";
    rev = "74b8e4c1d9bbba3db6ad858b888e1867318af1f0";
    sha256 = "0czdzafx4k76q773lyf3vsjm74g1995iz542dhw15kpy5xbivsrg";
  };

  error = {
    extraConfig = ''
      error_page 400 /errors/400.html;
      error_page 401 /errors/401.html;
      error_page 402 /errors/402.html;
      error_page 403 /errors/403.html;
      error_page 404 /errors/404.html;
      error_page 405 /errors/405.html;
      error_page 406 /errors/406.html;
      error_page 500 /errors/500.html;
      error_page 501 /errors/501.html;
      error_page 502 /errors/502.html;
      error_page 503 /errors/503.html;
      error_page 504 /errors/504.html;
    '';
    locations."^~ /errors/" = {
      extraConfig = "internal;";
      root = "${errorPages}/";
    };
  };

in
{

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "git.${config.networking.hostName}.private" = {
        extraConfig = error.extraConfig;
        locations."/" = {
          proxyPass = "http://${config.networking.hostName}.private:${
              toString config.services.gogs.httpPort
            }";
        };
      };
    };
  };

  services.gogs = {
    enable = true;
    appName = "Kruck GoGs";
    domain = "git.ingolf-wagner.de";
    httpPort = 3000;
    repositoryRoot = "/home/gogs/repositories";
    stateDir = "/home/gogs";
    rootUrl = "https://git.ingolf-wagner.de/";
    extraConfig = ''
      [service]
      DISABLE_REGISTRATION     = true
      SHOW_REGISTRATION_BUTTON = false
      [server]
      SSH_DOMAIN               = "git.ingolf-wagner.de"
      SSH_PORT                 = 443
      START_SSH_SERVER         = true
      SSH_LISTEN_PORT          = 2222

      [log.file]
      LEVEL = Warn

      [log.console]
      LEVEL = Warn

      [log.sublogger.macaron]
      LEVEL = Warn
    '';
  };
  backup.dirs = [ config.services.gogs.repositoryRoot ];

  #  services.nginx = {
  #    enable = true;
  #    statusPage = true;
  #    virtualHosts = {
  #      "gitlab.${config.networking.hostName}.private" = {
  #        extraConfig = error.extraConfig;
  #        locations."/" = {
  #          proxyPass = "http://${config.networking.hostName}.private:${
  #              toString config.services.gitlab.port
  #            }";
  #        };
  #      };
  #    };
  #  };
  #  services.gitlab = {
  #    enable = true;
  #    host = "gitlab.${config.networking.hostname}.private";
  #    port = 9897;
  #    #databasePasswordFile = "path/todo";
  #    #initialRootPasswordFile = "path/todo";
  #
  #    secrets = {
  #      #  Make sure the secret is at least 30 characters and all random,
  #      # no regular words or you'll be exposed to dictionary attacks
  #      dbFile = "path/todo";
  #
  #      # openssl genrsa 2048
  #      jwsFile = "path/todo";
  #
  #      # Make sure the secret is at least 30 characters and all random,
  #      # no regular words or you'll be exposed to dictionary attacks
  #      otpFile = "path/todo";
  #
  #      # Make sure the secret is at least 30 characters and all random,
  #      # no regular words or you'll be exposed to dictionary attacks
  #      secretFile = "path/todo";
  #    };
  #
  #    # smtp?
  #
  #    # gitlab-runner?
  #  };

}