{ config, lib, pkgs, ... }:

let
  cfg = config.git;
in
{
  options.git = {
    webUiDomain = lib.mkOption {
      type = lib.types.str;
    };
  };

  config = {
    services = {
      gitolite = {
        enable = true;
        adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
        user = "git";
        group = "git";
        dataDir = "/srv/gitolite";
        extraGitoliteRc = ''
          $RC{UMASK} = 0027;
          $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';

          # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
          # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
        '';
      };

      nginx.virtualHosts.${cfg.webUiDomain} = {
        enableACME = true;
        forceSSL = true;
      };

      cgit.main = {
        enable = true;
        # running as the gitolite user because otherwise cloning a repo via cgit fails with:
        #   fatal: detected dubious ownership in repository
        user = config.services.gitolite.user;
        group = config.services.gitolite.group;
        nginx.virtualHost = cfg.webUiDomain;
        scanPath = "${config.services.gitolite.dataDir}/repositories";
        settings = {
          remove-suffix = 1;
          enable-git-config = 1;
          root-title = "push-f.com repositories";
          root-desc = "My various repositories.";
          enable-index-owner = 0;
          source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
          clone-prefix = "https://${cfg.webUiDomain}";
        };
      };
    };
  };
}