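# NixOS module: publishes a fixed set of bare git repositories through cgit
# and provides a `git` account that owns them and accepts SSH key logins.
{ lib, pkgs, ... }:
let
  # Home directory of the `git` account; every repository lives directly below it.
  home = "/var/lib/git";

  # Repositories handed to cgit and created by the init-repos unit.
  repos = {
    nixos = {
      path = "${home}/nixos.git";
      desc = "My NixOS Configurations";
      owner = "jras";
    };
    notes = {
      path = "${home}/notes.git";
      desc = "My notes";
      owner = "jras";
    };
    obsidian-wavez-theme = {
      path = "${home}/obsidian-wavez-theme.git";
      desc = "The bordeaux theme for Obsidian";
      owner = "jras";
    };
    astal-bar = {
      path = "${home}/astal-bar.git";
      desc = "A wayland bar in jsx";
      owner = "jras";
    };
  };

  git = "${pkgs.git}/bin/git";

  # One script line per repository: create it as a bare repository and name
  # the current branch `main`. The path is shell-escaped so that a path with
  # whitespace or shell metacharacters still reaches git as a single argument.
  # `--shared` (no value) makes the repository group-writable.
  initRepo = { path, ... }:
    let
      dir = lib.escapeShellArg path;
    in
    "${git} init --bare --shared ${dir} && cd ${dir} && ${git} branch -m main \n";

  # NOTE(review): each line is an `&&` chain and the script does not use
  # `set -e`, so its exit status is that of the last repository only; a
  # failure for an earlier repository does not fail the unit.
  startScript = pkgs.writeShellScript "init-git-repos" ''
    ${lib.concatMapStrings initRepo (builtins.attrValues repos)}
  '';
in
{
  # Only plain HTTP is opened here and this module configures neither TLS nor
  # authentication for cgit.
  # NOTE(review): presumably every repository above (including `notes` and
  # `nixos`) is readable by anyone who can reach port 80 - confirm that is
  # intended.
  networking.firewall.allowedTCPPorts = [ 80 ];

  # NOTE(review): cgit runs with group `git`, and the repositories are created
  # group-writable (`--shared`). The web front end only needs read access, so
  # it presumably holds more privilege than required - verify.
  services.cgit.snorlax = {
    enable = true;
    group = "git";
    inherit repos;
  };

  # Oneshot unit that runs the generated script as git:git at boot.
  systemd.services.init-repos = {
    description = "Initialize git repositories";
    wantedBy = [ "multi-user.target" ];
    # Ties the unit to the script's contents, so edits to `repos` change it.
    restartTriggers = [ startScript ];
    serviceConfig = {
      Type = "oneshot";
      User = "git";
      Group = "git";
      ExecStart = startScript;
    };
  };

  users.groups.git = { };

  users.users.git = {
    isNormalUser = true;
    inherit home;
    # 0750: group `git` may read and traverse the home directory, others may not.
    homeMode = "0750";
    createHome = true;
    # NOTE(review): holders of the keys below get a full interactive zsh. If
    # the account is only meant for push/pull, git's restricted login shell
    # (git-shell) would narrow what a key can do.
    shell = pkgs.zsh;
    group = "git";
    openssh.authorizedKeys.keyFiles = [
      ../../keys/id_tarrel.pub
      ../../keys/id_work.pub
    ];
    packages = with pkgs; [ git ];
  };

  # sshd accepts logins only for the accounts listed in AllowUsers.
  # NOTE(review): other modules may contribute further entries - check the
  # merged value.
  services.openssh.settings.AllowUsers = [ "git" ];
}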