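# NixOS module: gitolite-managed repositories under /srv/git, published
# read-only over git:// by git-daemon and made readable to nginx.
{ pkgs, lib, config, ... }:

let
  # Single source of truth for the gitolite data directory; git-daemon's
  # basePath below is derived from it.
  root = "/srv/git";
in
{
  services = {
    gitolite = {
      enable = true;
      enableGitAnnex = true;
      dataDir = root;
      user = "git";
      group = "git";
      # the umask is necessary to give the git group read permissions, otherwise
      # git-daemon et al can't access the repos
      # 0027 = owner rwx, group r-x, no access for others: only members of the
      # git group can read repository data.
      extraGitoliteRc = ''
        $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
        $RC{UMASK} = 0027;
      '';
      # Only the first line of the key file is used as the admin key. The file
      # is read at evaluation time, so it must hold a public key only.
      adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
        builtins.readFile
        (lib.strings.splitString "\n")
        lib.lists.head
      ];
      # TODO: this is broken
      # commonHooks = [ ./git-hooks ];
    };

    # git:// is unauthenticated and unencrypted, so anything exported here is
    # public. exportAll is left unset, so git-daemon should only serve
    # repositories that carry a git-daemon-export-ok marker.
    # NOTE(review): presumably gitolite writes that marker for repos readable
    # by its "daemon" user; confirm private repos are not marked.
    gitDaemon = {
      enable = true;
      basePath = "${root}/repositories";
      # NOTE(review): a hostname here is resolved when the daemon starts;
      # confirm it resolves to the intended interface on this host.
      listenAddress = "simatime.com";
      user = "gitDaemon";
      group = "gitDaemon";
    };
  };

  # need to specify that these users can access git files by being part of the
  # git group
  # NOTE(review): group membership grants filesystem read access to every
  # repository under ${root}, including private ones; what is actually
  # published then depends on each service's own export configuration.
  users.users = {
    gitDaemon = {
      description = "Git daemon user";
      # Declare the daemon account as a system user with the primary group
      # created below. Current NixOS releases require the account type and
      # group to be set explicitly, and the group was otherwise unused by
      # the account.
      isSystemUser = true;
      group = "gitDaemon";
      extraGroups = [ "git" ];
    };
    "nginx".extraGroups = [ "git" ];
  };

  users.groups = {
    gitDaemon = {};
  };
}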