# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0

{ pkgs, ... }:

let
  socket = "/run/naut/naut.sock";
  proxySocket = "/run/naut/naut-proxy.sock";

  config = {
      "#unfathomable" = [ "nixos-config" ];
      "#ripple" = [ "ripple" "ripple-website" ];
    };
in {
  systemd.sockets.naut-proxy = {
    wantedBy = [ "sockets.target" ];
    listenStreams = [ proxySocket ];
    socketConfig.SocketUser = "git";
  };

  systemd.services.naut-proxy = {
    requires = [ "naut-proxy.socket" ];
    serviceConfig.ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd ${socket}";
  };

  systemd.services.naut = {
    wantedBy = [ "multi-user.target" ];

    environment.NAUT_SOCK = socket;
    environment.NAUT_CONFIG = (pkgs.formats.toml {}).generate "naut.toml" config;

    serviceConfig = {
      ExecStart = "${pkgs.naut}/bin/naut";
      EnvironmentFile = "/etc/naut/env";
      Restart = "on-failure";

      DynamicUser = true;
      SupplementaryGroups = [ "git" ];
      RuntimeDirectory = "naut";
    };
  };

  declarative.git.hooks.post-receive = [
    (pkgs.writeShellScript "nautify" ''
      {
        pwd
        cat
      } | nc -UN ${proxySocket}
    '')
  ];
}