{ config, ... }:
let
  fqdn = "git.${config.networking.fqdn}";
in
{
  services.nginx = {
    gitweb = {
      enable = true;
      location = "";
      virtualHost = "${fqdn}";
    };
    virtualHosts."${fqdn}" = {
      enableACME = config.security.acme.acceptTerms;
      forceSSL = config.security.acme.acceptTerms;
    };
  };
  # BOILER
  # PLATE
  networking.hosts."127.0.0.1" = [ "${fqdn}" ];
  # TODO Check perms see if they are g2g. idk about recursive +x
  # Rethink this. Ugly.
  systemd.tmpfiles.rules = [
    "d '${config.services.gitweb.projectroot}' 0775 ${config.services.nginx.user} git"
    "Z '${config.services.gitweb.projectroot}' 0775 ${config.services.nginx.user} git"
  ];
  users.groups.git = {};
}