{ services, pkgs, lib, makeBinPath, ... }:
let
  domain = "runas.rocks";
  runas_root = "/var/lib/runas.rocks/dist";
  service_name = "runas.rocks-pull";
  network = import ./network.nix;
  mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
    set -euo pipefail
    cd ${runas_root}
    git pull origin master --rebase
  '';
in
{
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;

    locations."/".root = runas_root;
    
    locations."/.git" = { return = "404"; };
  };

  systemd = {
    services.${service_name} = {
      path = [ pkgs.git ];
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = mkStartScript "${service_name}";
      };
    };
    timers.${service_name} = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "daily";
        Unit = "${service_name}.service";
      };
    };
  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
  '';
}