{ pkgs, ... }:
let
  home = "/var/lib/git";
in
{
  networking.firewall.allowedTCPPorts = [ 80 ];

  services.cgit.jap56 = {
    enable = true;
    group = "git";
    scanPath = "${home}";
  };

  users.groups.git = {};
  users.users.git = {
    isNormalUser = true;
    home = "${home}";
    shell = pkgs.zsh;
    group = "git";
    hashedPassword = "$6$Rc//lmBr5orYHn.0$M9y3Zj4zCe723r8hYGIhPC5kPv5SVGHjF1FsjrT9IIx7trxuNTLtLDQVL9lhmR5/7bFMUFEf0CMx9w7.vgXgY0";
    openssh.authorizedKeys.keyFiles = [
      ../../keys/id_tarrel.pub
      ../../keys/id_work.pub
    ];
    packages = with pkgs; [ git ];
  };
  services.openssh.settings.AllowUsers = [ "git" ];
}