{config, ...}: let
  serviceName = "gitea";
  servicePort = config.m3ta.ports.get serviceName;
in {
  services.${serviceName} = {
    enable = true;
    settings = {
      server = {
        ROOT_URL = "https://git.az-gruppe.com";
        HTTP_PORT = servicePort;
      };
      mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
      service.DISABLE_REGISTRATION = true;
    };
    lfs.enable = true;
    dump = {
      enable = true;
      type = "tar.gz";
      interval = "03:30:00";
      backupDir = "/var/backup/gitea";
    };
  };

  # Traefik configuration
  services.traefik.dynamicConfigOptions.http = {
    services.${serviceName}.loadBalancer.servers = [
      {
        url = "http://localhost:${toString servicePort}/";
      }
    ];

    routers.${serviceName} = {
      rule = "Host(`git.az-gruppe.com`)";
      tls = {
        certResolver = "ionos";
      };
      service = serviceName;
      entrypoints = "websecure";
    };
  };
}