{ pkgs, auxiliaryPkgs, ... }:

# TODO: bring in cgit text configuration in `/srv` into nixos repository.
let
  inherit (pkgs) dockerTools;
  inherit (auxiliaryPkgs) common;

  cgit = pkgs.cgit-pink;

  cgitLocalPort = 3792;
  cgitDir = "/srv/cgit";
  gitDir = "/srv/git";

  cgitImage = dockerTools.streamLayeredImage {
    name = "cgit";
    tag = cgit.version;
    fromImage = common.alpine.base;

    contents = with pkgs; [
      lighttpd zstd
      python311 python311Packages.pygments
    ] ++ [ cgit ];

    # create cache folder, otherwise
    # the cache is not used.
    # NOTE: `mkdir` here can only create dirs relative
    # to the current folder, but it will be linked
    # to `/` later anyway.
    extraCommands = ''
      mkdir -p ./var/cache/cgit
    '';
  };

in
{
  foundation.services.cgit = {
    image = cgitImage;
    ports = [ [ cgitLocalPort 80 ] ];

    volumes = [
      [ "${cgitDir}/config/cgitrc" "/etc/cgitrc" ]
      [ "${cgitDir}/config/lighttpd.conf" "/etc/lighttpd/cgit.conf" ]
      [ "${cgitDir}/data" "/data" ]

      [ "${gitDir}" "/var/www/cgit" ]
    ];

    entrypoint = "${pkgs.lighttpd}/bin/lighttpd";
    cmd = [
      "-D" # run in foreground
      "-f" "/etc/lighttpd/cgit.conf"
    ];
  };

  services.nginx.virtualHosts."git.rnrd.eu" = {
    enableACME = true;
    forceSSL = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:3792";
      };

      "/static/" = {
        alias = "/srv/cgit/static/";
      };
    };
    extraConfig = ''
      access_log /var/log/nginx/git.access.log json_combined;
    '';
  };
}