{ config, lib, ... }:
let
  cfg = config.modules.services.gotosocial;
  domain = config.networking.domain;
  fqdn = "${cfg.subdomain}.${domain}";
  port = cfg.port;
in
{
  options.modules.services.gotosocial = {
    enable = lib.mkEnableOption "Enable Gotosocial";
    subdomain = lib.mkOption {
      type = lib.types.str;
    };
    port = lib.mkOption {
      type = lib.types.int;
      default = 3500;
    };
    settings = lib.mkOption {
      type = lib.types.attrs;
      default = { };
    };
  };

  config = lib.mkIf cfg.enable {
    services.gotosocial = {
      enable = true;
      environmentFile = "/var/secrets/gotosocial.env";
      settings = {
        host = fqdn;
        account-domain = domain;
        protocol = "https";
        bind-address = "localhost";
        instance-languages = [ "de" "fi" "en" ];
        instance-inject-mastodon-version = true;
        accounts-registration-open = true;
        instance-expose-public-timeline = true;
        letsencrypt-enabled = false;
        inherit port;
      } // cfg.settings;
      setupPostgresqlDB = true;
    };

    modules.services.webserver.vHosts = {
      ${domain}.locations = lib.listToAttrs (
        lib.map
          (path: {
            name = "/.well-known/${path}";
            value.extraConfig = ''
              rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent;
            '';
          }) [
          "host-meta"
          "webfinger"
          "nodeinfo"
        ]
      );

      "${fqdn}".locations."/".proxyPort = port;
    };
  };
}