From bfd684efccc27b23d8f38443c382b15824218545 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Tue, 22 Jul 2025 11:23:54 +0200
Subject: [PATCH] git: setup git maintenance declarativly using home manager
---
 modules/home/tools/git/default.nix | 59 ++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix
index 12cd822..800c204 100644
--- a/modules/home/tools/git/default.nix
+++ b/modules/home/tools/git/default.nix
@@ -21,6 +21,65 @@ in
 };
 
 config = mkIf cfg.enable {
+ systemd.user = {
+ services."git-maintenance@" = {
+ Unit = {
+ Description = "Optimize Git repositories data";
+ };
+ Service = {
+ Type = "oneshot";
+ ExecStart = ''"${lib.getExe config.programs.git.package}" --exec-path="${lib.getBin config.programs.git.package}/bin" -c credential.interactive=false -c core.askPass=true for-each-repo --config=maintenance.repo maintenance run --schedule=%i'';
+ LockPersonality = "yes";
+ MemoryDenyWriteExecute = "yes";
+ NoNewPrivileges = "yes";
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_VSOCK";
+ RestrictNamespaces = "yes";
+ RestrictRealtime = "yes";
+ RestrictSUIDSGID = "yes";
+ SystemCallArchitectures = "native";
+ SystemCallFilter = "@system-service";
+ };
+ };
+ timers = {
+ "git-maintenance@hourly" = {
+ Unit = {
+ Description = "Optimize Git repositories data";
+ };
+ Timer = {
+ OnCalendar = "*-*-* *:00:00";
+ Persistent = true;
+ };
+ Install = {
+ WantedBy = [ "timers.target" ];
+ };
+ };
+ "git-maintenance@daily" = {
+ Unit = {
+ Description = "Optimize Git repositories data";
+ };
+ Timer = {
+ OnCalendar = "*-*-* 20:00:00";
+ Persistent = true;
+ };
+ Install = {
+ WantedBy = [ "timers.target" ];
+ };
+ };
+ "git-maintenance@weekly" = {
+ Unit = {
+ Description = "Optimize Git repositories data";
+ };
+ Timer = {
+ OnCalendar = "Sun *-*-* 20:00:00";
+ Persistent = true;
+ };
+ Install = {
+ WantedBy = [ "timers.target" ];
+ };
+ };
+ };
+ };
+
 programs.git = {
 enable = true;
 inherit (cfg) userName userEmail;
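Review bot: `-c core.askPass=true` in `ExecStart` names the askpass helper by bare name, so git resolves `true` through the unit's PATH at run time, while the git binary itself is pinned to a store path. Nothing in this hunk sets PATH for the user unit, so whether the no-op helper is found, and which binary it is, depends on the session environment; I would pin it, e.g. `-c core.askPass=${pkgs.coreutils}/bin/true`, assuming `pkgs` is among the module arguments, which the hunk does not show. `--exec-path` points at the package's `bin` directory rather than git's own exec path, so it is worth confirming that the remote helpers a maintenance fetch needs are still found, or dropping the flag. Separately, the hourly, daily and weekly timers all fire at 20:00 on Sundays; if the runs contend for the same repository one schedule may be skipped, so offsetting them (for instance `OnCalendar = "*-*-* 20:30:00";` for daily) looks safer. The `config = mkIf cfg.enable { … }` block continues past the end of the hunk.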