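# NixOS module: runs Gitea inside a declarative NixOS container on a private
# veth network. Enabled with `gitea.enable = true;` on the host.
#
# Security posture of this module as written:
#   * Gitea is served over plain HTTP (port 3000, with 80 redirected to it).
#     Credentials and session cookies are unencrypted on the wire, so put a
#     TLS-terminating reverse proxy in front before exposing it beyond the host.
#   * No Gitea hardening settings are applied here; the service runs with the
#     upstream defaults for everything except HTTP_PORT.
{ lib, pkgs, config, userDetails, ... }:
let
  cfg = config.gitea;
in
{
  options.gitea = {
    enable = lib.mkEnableOption "enables gitea service";

    # Host-side address of the container's private network link.
    hostAddress = lib.mkOption {
      type = lib.types.str;
      description = "hostAddress for the container";
      default = "10.0.1.1";
    };

    # Container-side address of the container's private network link.
    localAddress = lib.mkOption {
      type = lib.types.str;
      description = "localAddress for the container";
      default = "10.0.1.3";
    };
  };

  config = lib.mkIf cfg.enable {
    containers.gitea = {
      autoStart = true;
      # Own network namespace: the container is reachable only through the
      # hostAddress/localAddress pair unless the host forwards traffic to it.
      privateNetwork = true;
      inherit (cfg) hostAddress localAddress;

      config = { lib, config, ... }: {
        # Enable gitea service
        services.gitea = {
          enable = true;
          user = "git"; # So ssh cloning uses git@gitea
          settings.server = {
            # Can't bind 80 without root permissions, use 3000 instead
            HTTP_PORT = 3000;
          };
        };

        # The nixpkgs gitea module only declares the service account when
        # `user` is left at its default ("gitea"). With user = "git" the
        # account has to be declared here, otherwise the unit has no user to
        # run as. Kept as an unprivileged system user in the service's group.
        users.users.git = {
          description = "Gitea Service";
          home = config.services.gitea.stateDir;
          useDefaultShell = true;
          group = config.services.gitea.group;
          isSystemUser = true;
        };

        # Networking, etc.
        # Redirect 80 to 3000 so the unprivileged service answers on the
        # default HTTP port.
        networking.nftables = {
          enable = true;
          ruleset = ''
            table ip nat {
              chain prerouting {
                type nat hook prerouting priority 0;
                tcp dport 80 redirect to :3000
              }
            }
          '';
        };

        # 3000 must stay open: the redirect rewrites the destination port in
        # prerouting, so the input filter sees redirected traffic as 3000.
        # NOTE(review): for the same reason the 80 entry is probably
        # redundant; confirm before removing.
        # NOTE(review): 22 is opened, but nothing in this container config
        # enables an SSH daemon. Either enable one (key-only auth) if SSH
        # cloning is intended, or drop 22 to keep the allowed-port list
        # minimal.
        networking.firewall.allowedTCPPorts = [ 3000 80 22 ];

        networking.hostName = "gitea";

        system.stateVersion = "25.05";
      };
    };
  };
}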