{pkgs, lib, config, ...}:
let inherit (config) networking;
    inherit (config.services) gitweb gitolite nginx;
    package = pkgs.gitweb.override (lib.optionalAttrs gitweb.gitwebTheme {
      gitwebTheme = true;
    });
    RuntimeDirectory = "gitweb";
    gitwebSocket = "/run/${RuntimeDirectory}/gitweb.sock";
    static-custom = pkgs.writeTextFile {
      name = "static-custom";
      destination = "/static-custom/style.css";
      text = ''
        .project_list {
          width:100%;
        }
      '';
    };
in
{
  services.nginx = {
    virtualHosts."git" = {
      serverName = "git.${networking.domain}";
      serverAliases =
        map (domainAlias: "git." + domainAlias)
            config.networking.domainAliases;
      forceSSL = false;
      sslCertificate = nginx.virtualHosts."_".sslCertificate;
      sslCertificateKey = nginx.virtualHosts."_".sslCertificateKey;
      locations = {
        "/" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
             # NOTE: used by gitweb's pathinfo feature.
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };
        "/static/" = {
          alias = "${pkgs.gitweb}/static/";
        };
        "/static-custom/" = {
          alias = "${static-custom}/static-custom/";
        };
      };
    };
  };
  systemd.services.gitweb = {
    description = "GitWeb FastCGI service";
    script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
    environment  = {
      FCGI_SOCKET_PATH = gitwebSocket;
      FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
    };
    serviceConfig = {
      User             = gitolite.user;
      Group            = nginx.group;
      RuntimeDirectory = [ RuntimeDirectory ];
      Restart          = "always";
      RestartSec       = 10;
    };
    wantedBy = [ "multi-user.target" ];
  };
  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s"  : "";
      @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${networking.domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $omit_owner = 1;
      $export_ok = "git-daemon-export-ok";
      $prevent_xss = 0;
      @git_base_url_list =
       ( "git://git.${networking.domain}"
       , "git\@git.${networking.domain}:"
       );
      $feature{'pathinfo'}{'default'} = [1];
       # NOTE: more readable URL.
      @stylesheets = ( "/static/gitweb.css"
                     , "/static-custom/style.css" 
                     );
      $logo        =  "/static/git-logo.png";
      $favicon     =  "/static/git-favicon.png";
      $javascript  =  "/static/gitweb.js";
      $feature{'highlight'}{'default'} = [1];
      # FIX: gitweb bug: FCGI is not Unicode aware.
      if ($first_request) {
          my $enc = Encode::find_encoding('UTF-8');
          my $org = \&FCGI::Stream::PRINT;
          no warnings 'redefine';
          *FCGI::Stream::PRINT = sub {
              my @OUTPUT = @_;
              for (my $i = 1; $i < @_; $i++) {
                  $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
              }
              @_ = @OUTPUT;
              goto $org;
          };
      };
    '';
  };
}