{ ... }:
{
  imports = [ ./traefik.nix ./fail2ban.nix ];
  services.gitea = {
    enable = true;
    settings = {
      server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
      log.MODE = "file";
    };
    appName = "Gitea";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
  services.traefik.dynamicConfigOptions.http = {
    routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; tls = { certResolver = "default"; }; };
    services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
  };
  # services.fail2ban.jails.gitea = ''
  #
  # '';
}