From 9db1b7f2e39fc8bd242f1132344eabcf65081462 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sun, 30 Jun 2024 14:39:36 +0200
Subject: [PATCH] home: set up git-maintenance daemon

---
 home/home.nix                     |  2 +
 home/services/git-maintenance.nix | 77 +++++++++++++++++++++++++++++++
 hosts/kasei/home/default.nix      | 10 +++-
 3 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 home/services/git-maintenance.nix

diff --git a/home/home.nix b/home/home.nix
index 4562aa4..6b1a2a8 100644
--- a/home/home.nix
+++ b/home/home.nix
@@ -21,6 +21,8 @@ in {
     ./programs/tmux.nix
     ./programs/zsh
 
+    ./services/git-maintenance.nix
+
     ./modules/colors.nix
     ./modules/shellAliases.nix
   ] ++ optionals graphics [
diff --git a/home/services/git-maintenance.nix b/home/services/git-maintenance.nix
new file mode 100644
index 0000000..ca9d616
--- /dev/null
+++ b/home/services/git-maintenance.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, lib, ... }:
+{
+  systemd.user.services."git-maintenance@" = {
+    Unit = {
+      Description = "Optimize Git repositories data";
+      Documentation = [ "man:git-maintenance(1)" ];
+    };
+
+    Service = {
+      Type = "oneshot";
+      ExecStart = "${lib.getExe pkgs.git} for-each-repo --config=maintenance.repo maintenance run --schedule=%i";
+
+      LockPersonality = "yes";
+      MemoryDenyWriteExecute = "yes";
+      NoNewPrivileges = "yes";
+      RestrictAddressFamilies = [
+        "AF_UNIX"
+        "AF_INET"
+        "AF_INET6"
+        "AF_VSOCK"
+      ];
+      RestrictNamespaces = "yes";
+      RestrictRealtime = "yes";
+      RestrictSUIDSGID = "yes";
+      SystemCallArchitectures = "native";
+      SystemCallFilter = "@system-service";
+    };
+  };
+
+  systemd.user.timers."git-maintenance@hourly" = {
+    Unit = {
+      Description = "Optimize Git repositories data";
+      Documentation = [ "man:git-maintenance(1)" ];
+    };
+
+    Timer = {
+      OnCalendar = "*-*-* 1..23:05:00";
+      Persistent = true;
+    };
+
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+
+  systemd.user.timers."git-maintenance@daily" = {
+    Unit = {
+      Description = "Optimize Git repositories data";
+      Documentation = [ "man:git-maintenance(1)" ];
+    };
+
+    Timer = {
+      OnCalendar = "Tue..Sun *-*-* 0:05:00";
+      Persistent = true;
+    };
+
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+
+  systemd.user.timers."git-maintenance@weekly" = {
+    Unit = {
+      Description = "Optimize Git repositories data";
+      Documentation = [ "man:git-maintenance(1)" ];
+    };
+
+    Timer = {
+      OnCalendar = "Mon 0:05:00";
+      Persistent = true;
+    };
+
+    Install = {
+      WantedBy = [ "timers.target" ];
+    };
+  };
+}
diff --git a/hosts/kasei/home/default.nix b/hosts/kasei/home/default.nix
index 1147ce4..f9dd480 100644
--- a/hosts/kasei/home/default.nix
+++ b/hosts/kasei/home/default.nix
@@ -1,4 +1,10 @@
-{ ... }:
+{ config, ... }:
 {
-
+  programs.git.extraConfig.maintenance.repo = let
+    home = config.home.homeDirectory;
+  in [
+    "${home}/nix"
+    "${home}/nixpkgs"
+    "${home}/pvv/nix"
+  ];
 }
\ No newline at end of file