From 9a7d1c0edbe49412be2749ad9d8723f310705c89 Mon Sep 17 00:00:00 2001
From: Christian Harke <christian@harke.ch>
Date: Tue, 25 Jun 2024 23:08:07 +0200
Subject: [PATCH] Enable git maintenance for nix repositories

---
 home/users/christian/git/default.nix | 68 ++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/home/users/christian/git/default.nix b/home/users/christian/git/default.nix
index 5a693572..0e871a40 100644
--- a/home/users/christian/git/default.nix
+++ b/home/users/christian/git/default.nix
@@ -46,6 +46,13 @@ in
         ss = "status -s";
       };
 
+      extraConfig = {
+        maintenance.repo = [
+          "${config.home.homeDirectory}/.nix-config"
+          "${config.home.homeDirectory}/code/nixcfg"
+        ];
+      };
+
       ignores = [
         # Taken from https://github.com/github/gitignore
 
@@ -365,5 +372,66 @@ in
         "*.vsix"
       ];
     };
+
+    systemd.user = {
+      services = {
+        "git-maintenance@" = {
+          Unit = {
+            Description = "Optimize Git repositories data";
+          };
+          Service = {
+            Type = "oneshot";
+            ExecStart = "\"${pkgs.git}/libexec/git-core/git\" --exec-path=\"${pkgs.git}/libexec/git-core\" for-each-repo --config=maintenance.repo maintenance run --schedule=%i";
+            LockPersonality = "yes";
+            MemoryDenyWriteExecute = "yes";
+            NoNewPrivileges = "yes";
+            RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_VSOCK";
+            RestrictNamespaces = "yes";
+            RestrictRealtime = "yes";
+            RestrictSUIDSGID = "yes";
+            SystemCallArchitectures = "native";
+            SystemCallFilter = "@system-service";
+          };
+        };
+      };
+      timers = {
+        "git-maintenance@daily" = {
+          Unit = {
+            Description = "Optimize Git repositories data";
+          };
+          Timer = {
+            OnCalendar = "Tue..Sun *-*-* 0:27:00";
+            Persistent = "true";
+          };
+          Install = {
+            WantedBy = [ "timers.target" ];
+          };
+        };
+        "git-maintenance@hourly" = {
+          Unit = {
+            Description = "Optimize Git repositories data";
+          };
+          Timer = {
+            OnCalendar = "*-*-* 1..23:27:00";
+            Persistent = "true";
+          };
+          Install = {
+            WantedBy = [ "timers.target" ];
+          };
+        };
+        "git-maintenance@weekly" = {
+          Unit = {
+            Description = "Optimize Git repositories data";
+          };
+          Timer = {
+            OnCalendar = "Mon 0:27:00";
+            Persistent = "true";
+          };
+          Install = {
+            WantedBy = [ "timers.target" ];
+          };
+        };
+      };
+    };
   };
 }