{ config, pkgs, ... }:

{
  ########################################
  # NixOS Git Auto Update Script
  ########################################

  environment.etc."nixos-git-update.sh" = {
    mode = "0700";
    text = ''
      #!/run/current-system/sw/bin/bash
      set -e

      export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin"
      export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"

      LOCAL_PATH="/var/lib/nixos-config"
      REPO_URL="https://git.skarockoi.de/ska/nixos-production.git"

      if [ ! -d "$LOCAL_PATH/.git" ]; then
        mkdir -p "$LOCAL_PATH"
        chmod 700 "$LOCAL_PATH"
        git clone "$REPO_URL" "$LOCAL_PATH"
        exit 0
      fi

      cd "$LOCAL_PATH"

      git fetch origin
      LOCAL_HEAD=$(git rev-parse HEAD)
      REMOTE_HEAD=$(git rev-parse origin/main)

      if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then
        git reset --hard origin/main
        nixos-rebuild boot -I nixos-config="$LOCAL_PATH/configuration.nix"
      fi
    '';
  };

  systemd.services.nixos-git-update = {
    description = "Update NixOS from Git configuration";
    script = "/etc/nixos-git-update.sh";
    serviceConfig = {
      Type = "oneshot";
      User = "root";
      Group = "root";
      TimeoutStartSec = "10min";
      Restart = "on-failure";
      StandardOutput = "journal";
      StandardError = "journal";
    };
  };

  systemd.timers.nixos-git-update = {
    description = "Periodic NixOS Git configuration check";
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "60s";
      OnUnitActiveSec = "5min";
    };
  };
}