{
  config,
  self,
  pkgs,
  ...
}:

let
  s = config.sops.secrets;
  cfg = config.services.marge-bot;

  secretConfig = {
    owner = cfg.user;
    group = cfg.group;
    sopsFile = ../../secrets/stonehenge/default.yaml;
  };
in
{
  services.marge-bot = {
    enable = true;
    package = self.packages.${pkgs.system}.marge-bot;
    gitlabUrl = "https://gitlab.wopus.dev";
    authTokenFile = s."gitlab-marge-bot/token".path;
    sshKeyFile = s."gitlab-marge-bot/ssh-secret-key".path;
    settings = {
      ci-timeout = "60min";
      add-part-of = true;
      add-reviewers = true;
      keep-reviewers = true;
      keep-commits = true;
      impersonate-approvers = true;

      batch = true;
      use-no-ff-batches = true;
      skip-ci-batches = true;
    };
  };

  sops.secrets."gitlab-marge-bot/token" = secretConfig;
  sops.secrets."gitlab-marge-bot/ssh-secret-key" = secretConfig;
}