{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.modules.services.cgit;
in
{
  options.modules.services.cgit = {
    enable = mkEnableOption "cgit with uwsgi";

    domain = mkOption { type = types.str; };
    realHost = mkOption { type = types.str; };
    # TODO: use generators & submodules
    settings = {
      title = mkOption { type = types.str; default = "${cfg.domain} git"; };
      description = mkOption { type = types.str; default = "cgit, hyperfast web frontend for Git"; };
    };
  };
  config = mkIf cfg.enable {

    modules.services.nginx.enable = true;

    services.uwsgi = {
      enable = true;
      user = "nginx";
      group = "nginx";
      plugins = [ "cgi" ];

      instance = {
        type = "emperor";
        vassals = {
          cgit = {
            type = "normal";
            socket = "/run/uwsgi/cgit.sock";
            procname-master = "uwsgi cgit";
            plugins = [ "cgi" ];
            cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi";
          };
        };
      };
    };

    users.extraUsers.nginx.extraGroups = [ "git" ];

    services.nginx.virtualHosts.${cfg.realHost} = {
      forceSSL = true;
      useACMEHost = cfg.domain;
      root = "${pkgs.cgit-pink}/cgit";
      locations = {
        "/" = {
          extraConfig = ''
            try_files $uri @cgit;
          '';
        };
        "=/cgit-exotic.css" = {
          alias = "${./cgit-exotic.css}";
          extraConfig = ''
            # add_header Cache-Control "public, max-age=14400, must-revalidate";
          '';
        };
        "@cgit" = {
          extraConfig = ''
            uwsgi_pass unix:/run/uwsgi/cgit.sock;
            include ${pkgs.nginx}/conf/uwsgi_params;
            uwsgi_modifier1 9;
          '';
        };
      };
    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];

    systemd.services.create-cgit-cache = {
      description = "Create cache directory for cgit";
      enable = true;

      script = ''
        mkdir -p /run/cgit
        chown -R nginx:nginx /run/cgit
      '';

      wantedBy = [ "uwsgi.service" ];
      serviceConfig = {
        Type = "oneshot";
      };
    };

    environment.etc."cgitrc".text = ''
      virtual-root=/

      cache-size=1000
      cache-root=/run/cgit

      root-title=${cfg.settings.title}
      root-desc=${cfg.settings.description}

      css=/cgit-exotic.css

      snapshots=tar.gz zip

      enable-git-config=1
      remove-suffix=1

      enable-index-links=1
      enable-index-owner=0
      enable-git-clone=1
      enable-commit-graph=1
      enable-log-filecount=1
      enable-log-linecount=1

      branch-sort=age

      readme=:README
      readme=:readme
      readme=:README.md
      readme=:readme.md
      readme=:README.org
      readme=:readme.org

      source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
      about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh

      section-from-path=2

      project-list=${config.services.gitolite.dataDir}/projects.list
      scan-path=${config.services.gitolite.dataDir}/repositories
    '';
  };
}