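{ config, pkgs, ... }:

let
  # Update script executed by the systemd unit below. The unit sets no User=,
  # so it runs as root. It keeps a checkout of the configuration repository
  # in /var/lib/nixos-config and, when origin/main has moved, builds that
  # revision and makes it the boot default (`nixos-rebuild boot`; the running
  # system is not switched).
  gitUpdateScript = pkgs.writeShellScript "nix-git-auto-update" ''
    set -euo pipefail

    LOCAL_PATH="/var/lib/nixos-config"
    REPO_URL="https://git.skarockoi.de/ska/nixos-production.git"
    # Revision whose nixos-rebuild last finished successfully. Comparing
    # against this instead of the checkout's HEAD matters: HEAD is moved
    # by the reset *before* the build, so after a failed or timed-out build
    # HEAD already equals origin/main and the update would never be retried.
    STATE_FILE="$LOCAL_PATH/.git/nix-auto-update-last-built-rev"

    # NOTE(review): whatever origin/main points at is built as root and
    # becomes the boot default. Nothing here checks who authored the commit,
    # so anyone able to push to main (or a compromised Git host) controls
    # this machine. Consider rejecting commits that fail a signature check
    # (for example git verify-commit against a pinned keyring) before the
    # reset below.

    if [ ! -d "$LOCAL_PATH/.git" ]; then
      mkdir -p "$LOCAL_PATH"
      chmod 700 "$LOCAL_PATH"
      ${pkgs.git}/bin/git clone "$REPO_URL" "$LOCAL_PATH"
      # The initial clone is only recorded, not built (unchanged behaviour).
      ${pkgs.git}/bin/git -C "$LOCAL_PATH" rev-parse HEAD > "$STATE_FILE"
      exit 0
    fi

    cd "$LOCAL_PATH"

    ${pkgs.git}/bin/git fetch origin

    # Checkout that predates the state file: treat its current HEAD as the
    # deployed revision, which is what the HEAD comparison used to assume.
    if [ ! -f "$STATE_FILE" ]; then
      ${pkgs.git}/bin/git rev-parse HEAD > "$STATE_FILE"
    fi

    BUILT_REV=$(cat "$STATE_FILE")
    REMOTE_HEAD=$(${pkgs.git}/bin/git rev-parse origin/main)

    if [ "$BUILT_REV" != "$REMOTE_HEAD" ]; then
      # Discards any local modification of the checkout.
      ${pkgs.git}/bin/git reset --hard origin/main
      ${pkgs.nixos-rebuild}/bin/nixos-rebuild boot \
        -I nixos-config="$LOCAL_PATH/configuration.nix"
      # Only reached when the rebuild succeeded (set -e aborts otherwise).
      echo "$REMOTE_HEAD" > "$STATE_FILE"
    fi
  '';
in
{
  ##############################
  # Git Auto Update Script
  ##############################
  # The script itself is a Nix store path, so mode 0700 on the /etc entry
  # does not keep its content private; do not put secrets into the script.
  environment.etc."nix-git-auto-update.sh" = {
    mode = "0700";
    source = gitUpdateScript;
  };

  ##############################
  # systemd service
  ##############################
  systemd.services.nix-git-auto-update = {
    description = "Automatically update NixOS from Git";
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "/etc/nix-git-auto-update.sh";
      # A rebuild that exceeds this limit is killed and counts as a failure.
      TimeoutStartSec = "10min";
      Restart = "on-failure";
      # Pause between retries so a revision that does not build is not
      # rebuilt in a tight loop.
      RestartSec = "1min";
    };
  };

  ##############################
  # systemd timer
  ##############################
  systemd.timers.nix-git-auto-update = {
    description = "Periodic NixOS Git update check";
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "2min";
      OnUnitActiveSec = "5min";
      # Only has an effect on OnCalendar= timers; kept as in the original.
      Persistent = true;
    };
  };
}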