{ config, pkgs, lib, ... }:
let
  cgitWithAssets = pkgs.cgit.overrideAttrs (old: {
    pname   = "cgit-with-assets";

    postInstall = (old.postInstall or "") + ''
      # overwrite the stock files that the module aliases
      install -Dm444 ${./static/cgit.css}     $out/cgit/cgit.css
      install -Dm444 ${./static/logo.png}     $out/cgit/cgit.png   # keep the name!
      install -Dm444 ${./static/favicon.png}  $out/cgit/favicon.ico
    '';
  });
in {
  services = {
    cgit."code" = {
      enable = true;
      scanPath = "/srv/git";
      package = cgitWithAssets;
      
      settings = {
        cache-size = 0;
        cache-scanrc-ttl = 0;
        enable-log-filecount = 1;
        enable-log-linecount = 1;
        enable-git-config = 1;

        localtime = 1;

        noplainemail = 1;

        root-title = "code.aethrvmn.gr";
        root-desc = "αpothēke of aethrvmn";
        clone-url = "https://code.aethrvmn.gr/$CGIT_REPO_URL";

        logo-link = "https://aethrvmn.gr/";

        about-filter  = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
      };

      nginx.virtualHost = "code.internal";
    };
  };

  users = {
    groups.git = { };

    users = {
      git = {
        isSystemUser = true;
        description = "aethrvmn";
        group = "git";
        home = "/srv/git";
        homeMode = "0755";
        createHome = true;
        shell = "${pkgs.git}/bin/git-shell";

        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTRmMBlTFJbOWQBLI9XS2HMdUSlsAcaQ6vWjLpfweEo aethrvmn@apotheke.earth"
        ];
      };

      cgit = {
        isSystemUser = true;
        extraGroups = [ "git" ];
      };
    };
  };

  systemd = {
    tmpfiles.rules = [
      # type path     mode uid gid age target
      "L /srv/git/static - git git - /home/aethrvmn/.nix/modules/server/cgit/static"
    ];
  };
}