{ config, pkgs, lib, ... }:

let
  # Public hostname of the site; used as the nginx virtual host name and as
  # the name written into the extra hosts entries below.
  domain = "runas.rocks";
  # Directory holding the site's git checkout. nginx serves it as the web
  # root and the pull script runs git inside it.
  runas_root = "/var/lib/runas.rocks/dist";
  # Shared name of the systemd service and of the timer that triggers it.
  service_name = "runas.rocks-pull";
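  # mkStartScript name -> store path of a bash script called "<name>.sh".
  #
  # The script enters the checkout at runas_root and rebases it onto
  # origin/main. `set -euo pipefail` makes it stop at the first failing
  # command, so a failed `cd` never lets git run in the wrong directory.
  # The path is passed through lib.escapeShellArg so the script stays correct
  # if runas_root is ever changed to a value containing spaces or shell
  # metacharacters.
  #
  # Whatever origin/main holds after the pull is what nginx serves from this
  # directory: the script performs no signature or commit verification, so
  # the site's integrity rests on the remote and on the transport used to
  # reach it.
  mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
    set -euo pipefail
    cd ${lib.escapeShellArg runas_root}
    git pull origin main --rebase
  '';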
  
  # Project-local helper set, instantiated with this module's lib and config.
  utilities = import ./utilities.nix { inherit config lib; };
  # Helper used for the extra hosts entries; it is called with an interface
  # name ("lan", "tailscale"). Its definition lives in utilities.nix.
  architectInterfaceAddress = utilities.architectInterfaceAddress;
in
{
  # Static site for ${domain}: nginx serves the git checkout at runas_root,
  # with an ACME-issued certificate and HTTPS enforced.
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;

    locations = {
      # The web root is the working tree itself, not a build output.
      "/" = { root = runas_root; };

      # Because the root is a git working tree, the repository metadata sits
      # inside the served directory. This prefix location answers 404 for
      # every URI that starts with /.git, keeping objects, refs and the
      # repository config from being downloaded.
      # NOTE(review): only paths beginning with /.git are hidden. Any other
      # dotfile or non-public file committed to the repository is served
      # as-is; consider serving a dedicated public subdirectory or denying
      # dotfiles in general.
      "/.git" = { return = "404"; };
    };
  };

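  # Hourly content refresh: a oneshot unit that runs the pull script, and the
  # timer that starts it.
  systemd = {
    services.${service_name} = {
      # git must be on PATH for the script.
      path = [ pkgs.git ];
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = mkStartScript service_name;

        # No User= is set, so the unit runs as root while fetching from a
        # remote over the network. The options below confine it so that a
        # fault in git, or unexpected content from the remote, can only
        # write inside the checkout.
        # NOTE(review): running as a dedicated unprivileged user that owns
        # the checkout would be stronger still. Ownership of runas_root is
        # not visible in this file, so User= is left unset. Confirm and
        # tighten.
        NoNewPrivileges = true;
        # The whole file system becomes read-only for this unit, except the
        # checkout. Credentials or known_hosts in the home directory remain
        # readable but cannot be modified. TODO confirm that the remote's
        # transport does not need to write there.
        ProtectSystem = "strict";
        ReadWritePaths = [ runas_root ];
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictSUIDSGID = true;
        LockPersonality = true;
      };
    };
    timers.${service_name} = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "hourly";
        Unit = "${service_name}.service";
      };
    };
  };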

  # Extra hosts-file entries: one line per interface, mapping the address
  # returned by architectInterfaceAddress to the site's domain, so that local
  # lookups of the domain resolve to those addresses.
  # NOTE(review): presumably these are this machine's own LAN and tailscale
  # addresses. Confirm in utilities.nix.
  networking.extraHosts = lib.concatMapStrings
    (iface: "${architectInterfaceAddress iface} ${domain}\n")
    [ "lan" "tailscale" ];
}