# NixOS module: runs GoToSocial on "<subdomain>.<networking.domain>" behind the
# local web server, while accounts are addressed under the bare domain.
{ config, lib, ... }:
let
  gts = config.services.gotosocial;
  ageSecrets = config.age.secrets;
  baseDomain = config.networking.domain;
  instanceHost = "${gts.subdomain}.${baseDomain}";
  listenPort = gts.settings.port;

  # Discovery endpoints requested on the account domain. Each one is
  # permanently redirected to the same path on the instance host.
  wellKnownEndpoints = [ "host-meta" "webfinger" "nodeinfo" ];

  # Build one { name, value } pair for lib.listToAttrs: a location on the bare
  # domain whose only job is the redirect to the instance host.
  redirectToInstance = endpoint: lib.nameValuePair "/.well-known/${endpoint}" {
    extraConfig = '' rewrite ^.*$ https://${instanceHost}/.well-known/${endpoint} permanent; '';
  };
in
{
  # Host label prepended to networking.domain to form the instance's FQDN.
  # No default is given, so every configuration enabling the service must set it.
  options.services.gotosocial.subdomain = lib.mkOption {
    type = lib.types.str;
  };

  config = lib.mkIf gts.enable {
    services.gotosocial = {
      # Secrets are read from a file at service start instead of being written
      # into `settings`. config.age.secrets looks like agenix; TODO confirm the
      # decrypted file's owner/mode only admit the gotosocial service user.
      environmentFile = ageSecrets.gotosocial.path;

      settings = {
        # Split-domain setup: the server answers on instanceHost, account
        # handles use baseDomain.
        host = instanceHost;
        account-domain = baseDomain;

        # GoToSocial advertises https URLs but does not fetch certificates
        # itself, so TLS has to be terminated by the web server in front of it.
        protocol = "https";
        letsencrypt-enabled = false;

        # Listen on loopback only; the reverse-proxy vHost below is the sole
        # network path to the service.
        bind-address = "localhost";

        instance-inject-mastodon-version = true;

        # NOTE(review): sign-ups are open to anyone who can reach the instance.
        # Confirm the approval/moderation settings of the deployed GoToSocial
        # version match the intended exposure.
        accounts-registration-open = true;

        # The public timeline is exposed; presumably readable without
        # authentication. Verify this is intended for the instance.
        instance-expose-public-timeline = true;
      };

      setupPostgresqlDB = true;
    };

    services.webserver.vHosts = {
      # Bare domain: only the discovery redirects are declared here.
      ${baseDomain}.locations = lib.listToAttrs (lib.map redirectToInstance wellKnownEndpoints);

      # Instance host: everything is proxied to the loopback listener.
      "${instanceHost}".locations."/".proxyPort = listenPort;
    };
  };
}