{ config, lib, pkgs, ... }:

let
  new-repo = pkgs.writeShellScriptBin "new-repo" ''
    mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
    ${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
    chown -R git:git ${config.users.extraUsers.git.home}/repos
  '';
in {
  imports = [ ../secrets/keys/git.nix ];

  users.extraUsers.git = {
    uid = config.ids.uids.git;
    isSystemUser = true;
    home = "/home/git";
    createHome = true;
    group = "git";
    homeMode = "770";
    shell = "${pkgs.git}/bin/git-shell";
  };

  users.extraGroups.git = { gid = config.ids.gids.git; };

  services.nginx.gitweb = {
    enable = true;
    location = "/git";
    group = "git";
    #virtualHost = "awful.systems these.awful.systems these";
  };

  services.gitweb = {
    gitwebTheme = true;
    projectroot = "/home/git/repos";
  };

  services.gitDaemon = {
    enable = true;
    user = "git";
    group = "git";
    basePath = "/home/git/repos";
    exportAll = true;
    repositories = [ "/home/git/repos" ];
  };

  environment.systemPackages = [ new-repo ];

  networking.firewall.allowedTCPPorts = [ 9418 ];
}