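# NixOS module: runs the Yate telephony engine and, before each start, refreshes
# a git checkout of its configuration in /var/lib/yate using a sops-nix deploy key.
{ config, pkgs, ... }:

let
  # Decrypted deploy key as provisioned by sops-nix (defaults to
  # /run/secrets/git_clone_key). Treated as read-only by this module.
  deployKey = config.sops.secrets."git_clone_key".path;

  repoDir = "/var/lib/yate";
  git = "${pkgs.git}/bin/git";

  # Shared by the reachability probe and by git's transport. BatchMode keeps ssh
  # from waiting on a prompt; IdentitiesOnly offers only the key passed with -i.
  sshCmd = "${pkgs.openssh}/bin/ssh -o BatchMode=yes -o IdentitiesOnly=yes";
in
{
  # systemd.managerEnvironment = {
  #   SYSTEMD_LOG_LEVEL = "debug";
  # };

  sops.secrets."git_clone_key" = {
    mode = "0600";
    owner = "yate";
    group = "yate-config";
    restartUnits = [ "yate.service" ];
  };

  systemd.services.yate = {
    enable = true;
    description = "Yate telehony engine";

    # Ordering lives in [Unit]; Type= is a [Service] key and is set below, so it
    # is no longer duplicated into the unit section.
    after = [ "network.target" ];

    serviceConfig = {
      ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
      Type = "simple";
      Restart = "always";
      User = "yate";
      Group = "yate-config";
      StateDirectory = "yate";
      # NOTE(review): 0775 lets every member of yate-config create and replace
      # entries at the top of the checkout; confirm that is intended.
      StateDirectoryMode = "0775";
      # Private tmpfs scratch space for the working copy of the deploy key;
      # systemd exports its path to preStart as $RUNTIME_DIRECTORY.
      RuntimeDirectory = "yate-deploy-key";
      RuntimeDirectoryMode = "0700";
      # ...
    };

    wantedBy = [ "default.target" ];
    # NOTE(review): combined with the ordering after network.target this makes
    # network.target require a unit that starts after it; confirm this is wanted.
    requiredBy = [ "network.target" ];

    # NixOS runs preStart as the service user under `set -e`, so any unguarded
    # failing command aborts the start attempt.
    preStart = ''
      # Work on a private copy of the key. The previous version appended to the
      # sops-managed file itself, changing the provisioned secret on every start.
      # mktemp creates the copy with mode 0600; it is removed when the script exits.
      key_copy="$(mktemp "$RUNTIME_DIRECTORY/git_clone_key.XXXXXX")"
      trap 'rm -f "$key_copy"' EXIT
      cat ${deployKey} > "$key_copy"
      # Presumably the stored key lacks the trailing newline OpenSSH expects.
      echo >> "$key_copy"

      sleep 1

      # Probe the forge first; when it is unreachable the existing checkout is
      # left in place and the service starts with it.
      # Host key verification depends on a known_hosts entry that this module
      # does not show; pin it declaratively (programs.ssh.knownHosts) rather
      # than trusting the key on first use.
      SSH_SUCCESS=1
      ${sshCmd} -q -i "$key_copy" forgejo@git.hamburg.ccc.de || SSH_SUCCESS=0

      if [ "$SSH_SUCCESS" = 1 ]; then
        # Remove everything below the state directory, dotfiles included. The
        # previous "rm -rf dir/.*" glob can also match "." and "..", which rm
        # rejects with a non-zero status. Starting from an empty directory also
        # discards any hooks or repository config left from an earlier run.
        # NOTE(review): a fetch failure after this point leaves the directory
        # without a checkout until a later start succeeds.
        ${pkgs.findutils}/bin/find ${repoDir} -mindepth 1 -delete

        ${git} init ${repoDir}
        # NOTE(review): git honours safe.directory only from system or global
        # config, so this repository-local entry is likely a no-op; kept as is.
        ${git} -C ${repoDir} config --add safe.directory "${repoDir}"
        ${git} -C ${repoDir} remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git

        # The checkout is used as fetched; no commit signature is verified here,
        # so push access to the repository decides what lands in ${repoDir}.
        # A read-only deploy key limits what a leaked key can change.
        env GIT_SSH_COMMAND="${sshCmd} -i $key_copy" ${git} -C ${repoDir} fetch --all
        ${git} -C ${repoDir} checkout --track -f origin/master
      fi
    '';
    # ...
  };
}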