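# NixOS module, exposed as flake.modules.nixos.gitserver, that creates a
# dedicated git account and a oneshot unit which makes sure two bare
# repositories (monorepo and monorepo-public) exist.
{
  flake.modules.nixos.gitserver =
    {
      config,
      pkgs,
      lib,
      ...
    }:
    let
      cfg = config.infra.gitserver;
      # Home of the git account and parent of both repositories. Must stay in
      # sync with StateDirectory = "git" below, which systemd resolves to
      # /var/lib/git.
      workingDirectory = "/var/lib/git";
      publicRepoDir = "${workingDirectory}/monorepo-public";
    in
    {
      options.infra.gitserver = {
        user = lib.mkOption {
          type = lib.types.str;
          description = "The name of the user and group for managing the gitserver.";
          default = "git";
        };

        # No default here: the value is assigned in the config section below,
        # so other modules can read the path from one place.
        monorepoDir = lib.mkOption {
          type = lib.types.str;
          description = "The directory that contains the monorepo.";
        };
      };

      config = {
        # infra.persist is declared outside this module; presumably it keeps
        # the listed directories across reboots -- confirm against its module.
        infra.persist.directories = [ "${workingDirectory}" ];
        infra.gitserver.monorepoDir = "${workingDirectory}/monorepo";

        users = {
          groups."${cfg.user}" = { };
          users."${cfg.user}" = {
            group = cfg.user;
            description = "git user";
            isSystemUser = true;
            home = workingDirectory;
            # git-shell as login shell limits this account to git's
            # server-side commands, so an SSH login does not yield a general
            # interactive shell.
            shell = "${pkgs.git}/bin/git-shell";
          };
        };

        systemd.services.infra-gitserver-monorepo = {
          description = "Initialize the monorepo if it has not already been done so.";
          wantedBy = [ "multi-user.target" ];
          serviceConfig = {
            Type = "oneshot";
            # Run as the unprivileged git account so the repositories are
            # owned by it rather than by root.
            User = cfg.user;
            Group = cfg.user;
            # systemd creates /var/lib/git and hands it to User/Group.
            # NOTE(review): no StateDirectoryMode is set, so systemd's default
            # mode applies; confirm whether other local accounts are meant to
            # be able to read the non-public monorepo.
            StateDirectory = "git";
            # "~" is the home directory of User, i.e. workingDirectory.
            WorkingDirectory = "~";
          };
          path = [ pkgs.git ];
          enableStrictShellChecks = true;
          # Each repository is created at the same absolute path that the
          # existence test inspects. With a relative `git init --bare monorepo`
          # the test and the creation would disagree whenever monorepoDir is
          # overridden to a path other than ~/monorepo.
          script = ''
            if [ ! -d "${cfg.monorepoDir}" ]; then
              git init --bare "${cfg.monorepoDir}"
            fi
            if [ ! -d "${publicRepoDir}" ]; then
              git init --bare "${publicRepoDir}"
            fi
          '';
        };

        # Refuse to build a system that has the git server without Tailscale
        # SSH. config.infra.tailscale.ssh is declared elsewhere; presumably it
        # is the only intended remote access path to the git account.
        assertions = [
          {
            assertion = config.infra.tailscale.ssh;
            message = "Tailscale SSH must be enabled when using gitserver.";
          }
        ];
      };
    };
}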