{ pkgs, config, ... }:

{
  config = {
    users.users.git = {
      isSystemUser = true;
      description = "git";
      home = "/home/git";
      shell = "${pkgs.git}/bin/git-shell";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
      ];
    };
    services = {
      fcgiwrap.enable = true;
      caddy = {
        virtualHosts."http://localhost".extraConfig = ''
          reverse_proxy localhost:5678 { 
            transport fastcgi {
              env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
              env CGIT_CONFIG ${pkgs.writeText "cgitrc" (lib.generators.toKeyValue { } {
                clone-url = (lib.concatStringsSep " " [
                  "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
                  "ssh://git@git.example.com:$CGIT_REPO_URL"
                ]);
                enable-log-filecount = 1;
                enable-log-linecount = 1;
                enable-git-config = 1;
                root-title = "git.example.com";
                root-desc = "Tzlil's Git Repositories";
                scan-path = "/home/git";
              })}
            } 
          }
        '';
      }
    };
    environment.persistence."/nix/persist".directories = [ "/home/git" ];
  };
}