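# NixOS module for the Forgejo instance served at git.nekover.se.
#
# Forgejo itself listens on plain HTTP on loopback, while the public URL is
# HTTPS. TLS is therefore expected to be terminated by a reverse proxy that is
# configured elsewhere (not visible in this file).
{ ... }:
{
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    # Given as a string rather than a Nix path literal, so the secret is read
    # from disk at runtime and is not copied into the world-readable Nix store.
    # NOTE(review): the file has to be provisioned on the host out of band and
    # be readable by the Forgejo service; newer NixOS releases appear to expose
    # this as `services.forgejo.secrets.mailer.PASSWD` — confirm against the
    # channel in use before renaming.
    mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";

    settings = {
      DEFAULT = {
        APP_NAME = "Nekoverse Git";
      };
      server = {
        DOMAIN = "git.nekover.se";
        # Plaintext listener, bound to loopback only so it is not reachable
        # from the network; only the local reverse proxy should talk to it.
        PROTOCOL = "http";
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
        # Public-facing URL; must stay https so generated links and the
        # Secure session cookie below line up with what browsers see.
        ROOT_URL = "https://git.nekover.se/";
        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
        # Doesn't need to be set.
      };
      admin = {
        # false = regular (non-admin) users may create organizations.
        DISABLE_REGULAR_ORG_CREATION = false;
      };
      session = {
        # Session cookie carries the Secure attribute, so browsers only send
        # it over HTTPS. Requires the HTTPS front end implied by ROOT_URL.
        COOKIE_SECURE = true;
      };
      "ui.meta" = {
        AUTHOR = "Nekoverse Git";
        DESCRIPTION = "Git instance of the Nekoverse.";
        KEYWORDS = "git,forge,forgejo,nekoverse";
      };
      service = {
        # Accounts can only be created through an external authentication
        # source; local self-registration with a password is not offered.
        # The external source itself is not configured in this file.
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        # New profiles are visible to signed-in users only.
        DEFAULT_USER_VISIBILITY = "limited";
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        # Disables HTTP Basic authentication with the account password.
        # Token-based access for git-over-HTTP and the API is a separate
        # mechanism and is not turned off by this setting.
        ENABLE_BASIC_AUTHENTICATION = false;
      };
      repository = {
        # Moved here from a separate `repo` attribute set: Forgejo reads
        # DEFAULT_REPO_UNITS from the [repository] section, so under [repo]
        # the restriction was not applied and new repositories got the
        # full default unit set. With this in effect, new repositories start
        # with code, issues and pull requests only; other units (wiki,
        # packages, actions, ...) have to be enabled per repository.
        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
        # Pushing to a repository that does not exist yet creates it, for
        # user namespaces and for organizations respectively.
        # NOTE(review): visibility of push-created repositories is governed
        # by DEFAULT_PUSH_CREATE_PRIVATE, which is left at its default here —
        # confirm that default is the intended one.
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
      };
      actions = {
        # Actions jobs run workflow code taken from repositories on whatever
        # runners are registered. Runner registration and isolation are not
        # configured in this file and should be reviewed where they are.
        ENABLED = true;
        ARTIFACT_RETENTION_DAYS = 30;
      };
      mailer = {
        ENABLED = true;
        FROM = "nyareply@nekover.se";
        # smtps on port 465: TLS from the first byte, no STARTTLS upgrade step.
        PROTOCOL = "smtps";
        SMTP_ADDR = "mail-1.grzb.de";
        SMTP_PORT = 465;
        # The matching password comes from mailerPasswordFile above.
        USER = "forgejo@nekover.se";
      };
      cache = {
        ENABLED = true;
        ADAPTER = "redis";
        # Redis is reached over a Unix socket rather than TCP, so access is
        # decided by the socket's file permissions.
        # NOTE(review): the redis-forgejo server and the Forgejo user's access
        # to this socket are presumably set up elsewhere — confirm.
        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
      };
    };
  };
}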