{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.git;
in {
  options.nixfiles.modules.git.server = {
    enable = mkEnableOption "Git server";

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; nullOr str;
      default = "git.${config.networking.domain}";
    };

    package = mkOption {
      description = "Package.";
      type = types.package;
      default = pkgs.cgit;
    };
  };

  config = mkIf cfg.server.enable {
    ark.directories = [
      config.services.gitolite.dataDir
    ];

    nixfiles.modules.nginx = {
      enable = true;
      virtualHosts.${cfg.server.domain} = {
        locations = {
          "/".extraConfig = let
            cgitrc = pkgs.writeText "cgitrc" ''
              root-title=github sux (⩺_⩹)
              root-desc=https://github.com/azahi
              footer=https://GiveUpGitHub.com

              clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL

              logo=/cgit-custom-logo.gif
              favicon=/cgit-custom-favicon.gif
              css=/cgit-custom-style.css

              about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
              source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
              commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh

              enable-git-config=1
              enable-gitweb-owner=1
              remove-suffix=1

              readme=:README
              readme=:README.md
              readme=:README.org
              readme=:README.txt
              readme=:readme
              readme=:readme.md
              readme=:readme.org
              readme=:readme.txt

              scan-path=${config.services.gitolite.dataDir}/repositories
            '';
          in ''
            include ${config.services.nginx.package}/conf/fastcgi_params;
            fastcgi_split_path_info ^(/?)(.+)$;
            fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
            fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
            fastcgi_param CGIT_CONFIG ${cgitrc};
            fastcgi_param PATH_INFO $uri;
            fastcgi_param QUERY_STRING $args;
            fastcgi_param HTTP_HOST $server_name;

            ${nginxAppendHead [
              ''<meta name="go-import" content="$host$uri git https://$host$uri">''
              (htmlPlausibleScript {inherit (cfg.server) domain;})
            ]}
          '';
          "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
            root ${cfg.server.package}/cgit;
          '';
          "~* ^.+cgit-custom-logo.gif$".extraConfig = ''
            alias ${./logo.gif};
          '';
          "~* ^.+cgit-custom-favicon.gif$".extraConfig = ''
            alias ${./favicon.ico};
          '';
          "~* ^.+cgit-custom-style.css$".extraConfig = let
            css = pkgs.writeText "custom.css" ''
              @import url("cgit.css");

              div#cgit {
                font-family: "${config.fontScheme.monospaceFont.family}", monospace;
                -moz-tab-size: 4;
                tab-size: 4;
              }
            '';
          in ''
            alias ${css};
          '';
        };
      };
    };

    services = let
      user = "git";
      group = "git";
    in {
      gitolite = {
        enable = true;
        inherit user group;
        adminPubkey = my.ssh.key;
        extraGitoliteRc = ''
          # This allows hiding repositories via "cgit.ignore"[1].
          #
          # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
          $RC{GIT_CONFIG_KEYS} = '.*';
        '';
      };

      fcgiwrap = {
        enable = true;
        inherit user group;
      };
    };
  };
}