# NixOS module: declares a sops-managed SSH key and a systemd unit that runs
# Yate. Before each start the unit tries to refresh /var/lib/yate from the
# yate-config repository on git.hamburg.ccc.de using that key.
{ config, pkgs, ... }:

{
# Uncomment to raise the log level of the systemd manager itself.
#  systemd.managerEnvironment = {
#    SYSTEMD_LOG_LEVEL = "debug";
#  };

  

  # SSH key used by the preStart script below to reach the git server.
  # Mode 0600 with owner "yate" means only the service user can read and write
  # it; the group gets no access. restartUnits restarts yate.service when the
  # secret changes.
  # NOTE(review): preStart hard-codes /run/secrets/git_clone_key instead of
  # referencing config.sops.secrets."git_clone_key".path, so the two can drift
  # if the secret is renamed or relocated.
  sops.secrets."git_clone_key" = {
    mode = "0600";
    owner = "yate";
    group = "yate-config";
    restartUnits = [ "yate.service" ];
};

  systemd.services.yate = {
    enable = true;
    # NOTE(review): typo in the unit description, should read "telephony".
    description = "Yate telehony engine";
    unitConfig = {
      After= "network-online.target";
    };
    serviceConfig = {
      # NOTE(review): Yate reads its configuration from /etc/yate, while
      # preStart checks the repository out into /var/lib/yate. How the two
      # paths are connected is not visible in this file; confirm.
      ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
      Type="simple";
      Restart="always";
      # Runs unprivileged as yate:yate-config.
      User="yate";
      Group="yate-config";
      # systemd creates /var/lib/yate for the service user with this mode.
      # NOTE(review): 0775 makes the directory group-writable and readable by
      # every local user. If the checkout holds credentials (presumably it
      # does for a telephony config; verify), a tighter mode such as 0750
      # would be the safer default.
      StateDirectory = "yate";
      StateDirectoryMode = "0775";
      # ...
    };
    wantedBy = [ "default.target" ];
    requires = [ "network-online.target" ]; 
    # preStart refreshes the configuration checkout. In order:
    #   1. Appends line breaks to the key file. The \n is a Nix escape in this
    #      double-quoted string, so the shell sees a literal newline between
    #      the echo quotes. Do not convert this to a ''...'' string without
    #      revisiting that escape: there \n would stay a literal backslash-n
    #      and be appended to the key.
    #   2. Sleeps 5 seconds.
    #   3. Probes the git server over SSH with the key, writing stderr to
    #      /var/lib/yate/SSH_CHECK_LOG. On failure SSH_SUCCESS becomes 0 and
    #      the existing checkout is left untouched.
    #   4. On success, deletes everything in /var/lib/yate (dotfiles included),
    #      clones the repository again and adds a safe.directory entry.
    # NOTE(review): step 1 runs on every start, so the decrypted secret is
    # modified at runtime and grows with each restart. Presumably it works
    # around a key stored without a trailing newline; fixing the encrypted
    # source would let this file stay read-only (mode 0400).
    # NOTE(review): no host-key option or known_hosts file is visible here.
    # Confirm the server's host key is pinned (for example through
    # programs.ssh.knownHosts), since the cloned content is trusted as service
    # configuration.
    # NOTE(review): the wipe happens before the clone. If the clone fails
    # after a successful probe, the previous checkout is already gone.
    # Cloning into a temporary directory and swapping it in would keep the
    # last good copy.
    # NOTE(review): git documents safe.directory as honored only from system
    # or global configuration, so this repository-local entry likely has no
    # effect; verify.
    preStart = "echo \"\n\" >> /run/secrets/git_clone_key
                sleep 5
                SSH_SUCCESS=1
                ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG  || SSH_SUCCESS=0
                if [ $SSH_SUCCESS = 1 ]; then
                rm -rf /var/lib/yate/*
                rm -rf /var/lib/yate/.*
                env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
                ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
                fi";

    # ...
  };
}