{ modulesPath, pkgs, unstable, config, ... }:

{
  imports = [
    # Include the default lxd configuration.
    "${modulesPath}/virtualisation/proxmox-lxc.nix"
    # Include the container-specific autogenerated configuration.
    ./lxd.nix
  ];

  networking = {
    dhcpcd.enable = false;
    useDHCP = false;
    useHostResolvConf = false;
    firewall.enable = false;
    nameservers = ["192.168.1.155" "1.1.1.1"];
  };

  environment.systemPackages = with pkgs; [
    git
    curl
    vim
  ];

  services.nginx = {
    enable = true; 
  };

  services.nginx.virtualHosts."forgejo.nix02.cluster" = {
    locations."/" = {
      proxyPass = "http://127.0.0.1:8312";
      proxyWebsockets = true;
    };
  };

  services.nginx.virtualHosts."forge.amy.mov" = {
    locations."/" = {
      proxyPass = "http://127.0.0.1:8312";
      proxyWebsockets = true;
    };
  };

  services.forgejo = {
    enable = true;
    package = unstable.forgejo;
    settings = {
      server = {
        HTTP_PORT = 8312;
        ROOT_URL = "https://forge.amy.mov";
      };
    };
    
    database = {
      createDatabase = false;
      
      type = "postgres";
      host = "nix01.cluster";
      name = "forgejo";
      user = "forgejo";
      passwordFile = config.age.secrets."forgejo.dbpass".path;
    };
  };

  services.authentik = {
    enable = true;
    environmentFile = config.age.secrets."authentik.env".path;

    nginx = {
      enable = true;
      enableACME = false;
      host = "auth.nix02.cluster";
    };

    createDatabase = false;
    
    settings = {
      postgresql = {
        host = "nix01.cluster";
        user = "authentik";
        password = "authentik";
        name = "authentik";
      };

      disable_startup_analytics = true;
      avatars = "initials";
    };
  };

  system.stateVersion = "24.11"; # Did you read the comment?
}