{ config, pkgs, lib, ... }:
let cfg = config.my.services.gerrit;
in {
  options.my.services.gerrit = with lib; {
    enable = mkEnableOption "gerrit git server";
    vhostName = mkOption {
      type = types.str;
      example = "cl.fcuny.net";
      description = "Name for the virtual host";
    };
  };

  config = lib.mkIf cfg.enable {
    services.gerrit = {
      enable = true;
      listenAddress = "[::]:4778";
      serverId = "36bc0ffe-8f33-4045-bf8b-de5f88815fc0";
      builtinPlugins = [ "download-commands" "hooks" ];
      jvmHeapLimit = "4g";

      settings = {
        core.packedGitLimit = "100m";
        log.jsonLogging = true;
        log.textLogging = false;
        sshd.advertisedAddress = "git.fcuny.net:29418";
        cache.web_sessions.maxAge = "3 months";
        plugins.allowRemoteAdmin = false;
        change.enableAttentionSet = true;
        change.enableAssignee = false;

        gerrit = {
          canonicalWebUrl = "https://${cfg.vhostName}";
          docUrl = "/Documentation";
        };

        httpd.listenUrl = "proxy-https://${cfg.listenAddress}";

        download.command = [ "checkout" "cherry_pick" "format_patch" "pull" ];

        # Receiving email is not currently supported.
        sendemail = { enable = false; };
      };
    };

    services.nginx.virtualHosts."${cfg.vhostName}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = { proxyPass = "http://127.0.0.1:4778"; };
    };
  };
}