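# NixOS module wiring up gitolite: SSH snippet for LDAP users, a duplyBackup
# profile, an anonymous git:// daemon, and an activation script that installs
# an LDAP group-lookup helper into the gitolite directory.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.gitolite;
in
{
  options.myServices.gitolite = {
    enable = lib.mkEnableOption "my gitolite service";

    gitoliteDir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/gitolite";
    };

    # Declared as a string, not a Nix path: a path literal would be copied
    # into the store and defeat the purpose of this option.
    ldapPasswordFile = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = ''
        Path to a file, outside the Nix store, that holds the LDAP bind
        password used by gitolite_ldap_groups.sh. It must be readable by the
        user that runs the helper. When null, the password is taken from
        config.myEnv.tools.gitolite.ldap.password and embedded in the wrapper.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    myServices.ssh.modules = [{
      snippet = builtins.readFile ./ldap_gitolite.sh;
      dependencies = [ pkgs.gitolite ];
    }];

    services.duplyBackup.profiles.gitolite = {
      rootDir = cfg.gitoliteDir;
    };

    # 9418 is the git:// port served by services.gitDaemon below. The protocol
    # has no authentication and no transport encryption, so everything the
    # daemon exports is readable by anyone who can reach this port.
    networking.firewall.allowedTCPPorts = [ 9418 ];

    services.gitDaemon = {
      enable = true;
      user = "gitolite";
      group = "gitolite";
      basePath = "${cfg.gitoliteDir}/repositories";
    };

    system.activationScripts.gitolite =
      let
        deps = [
          pkgs.openldap
          pkgs.stdenv.shellPackage
          pkgs.gnugrep
          pkgs.coreutils
        ];

        # How the wrapper obtains LDAP_PASS.
        ldapPassArgs =
          if cfg.ldapPasswordFile != null then
            # Read the secret when the wrapper runs, so only the file's path
            # ends up in the store. `cat` resolves through the PATH prefix
            # (coreutils is in deps), which makeWrapper emits first.
            "--run ${lib.escapeShellArg "export LDAP_PASS=\"$(cat ${lib.escapeShellArg cfg.ldapPasswordFile})\""}"
          else
            # NOTE(review): the password is interpolated into the builder
            # script here, so it is recorded in the derivation and in the
            # generated wrapper under /nix/store, which every local user can
            # read on a default NixOS install. Kept only for backward
            # compatibility; set ldapPasswordFile instead.
            "--set LDAP_PASS ${lib.escapeShellArg config.myEnv.tools.gitolite.ldap.password}";

        gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" {
          buildInputs = [ pkgs.makeWrapper ];
        } ''
          makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \
            --prefix PATH : ${lib.makeBinPath deps} \
            ${ldapPassArgs}
        '';

        # Shell-quoted once here so a directory containing spaces or shell
        # metacharacters cannot split or alter the commands below.
        dir = lib.escapeShellArg cfg.gitoliteDir;
        groupsLink = lib.escapeShellArg "${cfg.gitoliteDir}/gitolite_ldap_groups.sh";
        projectsList = lib.escapeShellArg "${cfg.gitoliteDir}/projects.list";
      in
      {
        # Ordered after "users".
        deps = [ "users" ];
        text = ''
          if [ -d ${dir} ]; then
            ln -sf ${gitolite_ldap_groups} ${groupsLink}
            chmod g+rx ${dir}
          fi
          if [ -f ${projectsList} ]; then
            chmod g+r ${projectsList}
          fi
        '';
      };

    # wwwrun joins the gitolite group; combined with the group bits set by the
    # activation script this gives it read access to the gitolite directory
    # and projects.list (presumably for a web front end; confirm).
    users.users.wwwrun.extraGroups = [ "gitolite" ];

    users.users.gitolite.packages =
      let
        python-packages = python-packages: with python-packages; [
          simplejson
          urllib3
          sleekxmpp
        ];
      in
      [ (pkgs.python3.withPackages python-packages) ];

    # Installation: https://git.immae.eu/mantisbt/view.php?id=93
    services.gitolite = {
      enable = true;
      # Kept on a single line: a line break inside the string would end up in
      # the key material and make it an invalid public key entry.
      adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
    };
  };
}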