{ pkgs, lib, config, inputs, hostName, ... }:
let
  # Shorthand for the declared user accounts.
  users = config.users.users;
  # Name of the account whose SSH keys seed the gitolite admin key and
  # which is named in the 'Shell' entry of the gitolite rc below.
  gitolite-admin = "julm";
in
{
# Make the gitolite command-line tool available system-wide.
environment.systemPackages = [ pkgs.gitolite ];
# Gitolite hosting service, run as the "git" user with that account's name
# as the group.
services.gitolite = {
  enable = true;
  user = "git";
  group = users."git".name;
  # Every SSH key authorised for the admin account, joined with newlines.
  # NOTE(review): gitolite normally expects exactly one key per pubkey file;
  # if this account ever lists more than one key, confirm the admin key is
  # still accepted, or pick a single key explicitly.
  adminPubkey = lib.concatStringsSep "\n" users.${gitolite-admin}.openssh.authorizedKeys.keys;
  # Perl fragment handed to the module as extra gitolite.rc settings. Only
  # ${gitolite-admin} is expanded by Nix; $RC{...}, $rc{...} and $ENV{...}
  # reach Perl unchanged.
  #
  # Security-relevant settings in the fragment:
  # - UMASK 0027: group members can read what gitolite creates, others get
  #   no access.
  # - LOG_DEST / LOG_FACILITY: activity is logged per repository and to
  #   syslog facility local0; make sure local0 is collected and retained if
  #   these logs are meant to serve as an audit trail.
  # - GIT_CONFIG_KEYS '.*': any git config key may be set from the gitolite
  #   configuration. Some git config values name commands that git runs, so
  #   write access to the admin configuration is equivalent to running code
  #   as the hosting user. That matches the admin's existing shell access
  #   here; narrow the pattern (see the commented-out 'hooks.* gitweb.*')
  #   before delegating admin-repo writes to anyone else.
  # - LOCAL_CODE "$ENV{HOME}/local": local code is read from the hosting
  #   user's home directory, not from inside the admin repository (the
  #   commented-out GL_ADMIN_BASE variant), so presumably it cannot be
  #   changed by a push -- confirm who can write to that directory.
  # - 'Shell <admin>': gives that gitolite user a login shell on the
  #   hosting account.
  # - 'D': enables gitolite's repository deletion command.
  # - 'repo-specific-hooks': only enabled when "$ENV{HOME}/local" exists.
  extraGitoliteRc = ''
    $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
    $RC{LOG_DEST} = 'repo-log,syslog';
    $RC{LOG_FACILITY} = 'local0';
    #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
    $RC{GIT_CONFIG_KEYS} = '.*';
    #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
    #  if -d "$rc{GL_ADMIN_BASE}/local";
    $RC{LOCAL_CODE} = "$ENV{HOME}/local";
    push(@{$RC{ENABLE}}, ( 'Alias'
                         , 'cgit'
                           # NOTE: without this "cgit" option,
                           # the repositories' "description" files are not modified
                         , 'D'
                         , 'Shell ${gitolite-admin}'
                         , 'create'
                         , 'expand-deny-messages'
                         , 'fork'
                         , 'keysubdirs-as-groups'
                         , 'readme'
                         , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
                         , 'ssh-authkeys-split'
                         ));
  '';
};
# Mount the ZFS dataset "<hostName>/var/git" at /var/lib/gitolite so the
# repositories live on their own dataset.
fileSystems = {
  "/var/lib/gitolite" = {
    fsType = "zfs";
    device = "${hostName}/var/git";
  };
};
# Snapshot policy for the repository dataset: the "snap" template plus a
# daily count of 7 (presumably overriding the template's value -- confirm).
# These snapshots are the recovery path if a repository is deleted or
# history is rewritten, so keep the retention in line with how quickly such
# an event would be noticed.
services.sanoid.datasets = {
  "${hostName}/var/git" = {
    daily = 7;
    use_template = [ "snap" ];
  };
};
# System-wide git using the minimal build; newly initialised repositories
# start on the "main" branch.
programs.git = {
  package = pkgs.gitMinimal;
  enable = true;
  config.init.defaultBranch = "main";
};
}