{ config, pkgs, ... }:
let
  gitshell = pkgs.writeShellScriptBin "gitshell" ''
    if [ "$1" = "-c" ]; then
      CMD="$2"

      if [[ $CMD =~ ^git-receive-pack\ (.*)$ ]]; then
        REPO="''${BASH_REMATCH[1]}"

        REPO="''${REPO#\'}"
        REPO="''${REPO%\'}"

        REPO_PATH="/var/lib/git-server/$REPO"

        # init as bare repo if it doesnt exist
        if [ ! -d "$REPO_PATH" ]; then
          echo "Initializing new bare repository: $REPO" >&2
          ${pkgs.git}/bin/git init --bare -b main "$REPO_PATH" >&2
        fi
      fi
    fi

    exec ${pkgs.git}/bin/git-shell "$@"
  '';
in
{
  users.groups.git = { };
  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = "/var/lib/git-server";
    createHome = true;
    shell = "${gitshell}/bin/git-auto-init-shell";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDXt8vkpi9jOp9dCjoS8u0dC4fDdgb73w8z7VNI42FB did:web:vt3e.cat"
    ];
  };

  services.openssh.extraConfig = ''
    Match user git
      AllowTcpForwarding no
      AllowAgentForwarding no
      PasswordAuthentication no
      PermitTTY no
      X11Forwarding no
  '';

  services.legit = {
    enable = true;

    user = "git";
    group = "git";

    settings = {
      server = {
        name = "192.168.1.107";
        host = "0.0.0.0";
        port = config.svports.legit;
      };

      meta = {
        title = "git";
        description = "bweh";
      };

      repo = {
        scanPath = "/var/lib/git-server";
        ignore = [
          ".vscode-server"
        ];
        mainBranch = [
          "main"
          "master"
        ];
        readme = [
          "README.md"
          "README"
        ];
      };
    };
  };
}