{config, ...}: {
  services.nginx = {
    virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        client_max_body_size 512M
      '';
      locations."/".proxyPass = "https://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
    };
  };
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      server = rec {
        DOMAIN = "git.galaxious.de";
        ROOT_URL = "https://${DOMAIN}";
        HTTP_PORT = 4043;
        SSH_PORT = 4022;
      };
      service.DISABLE_REGISTRATION = false;
    };
  };
  services.openssh.ports = [config.services.forgejo.settings.server.SSH_PORT];
}