{ secrets, ctucxConfig, dnsNix, node, pkgs, config, ... }:

{

  imports = [
    ctucxConfig.services.gotosocial
  ];

  #
  # these are just specific settings for this installation!
  # the settings in `../services/gotosical.nix` are also used!
  #

  dns.zones."zuggeschmack.de" = (dnsNix.combinators.host node.ip4Address node.ip6Address) // {
    subdomains."client".CNAME = [ "${config.networking.fqdn}." ];
  };

  age.secrets.gotosocialEnv.file = secrets."${config.networking.hostName}".gotosocialEnv;

  services.gotosocial = {
    environmentFile = config.age.secrets.gotosocialEnv.path;
    settings        = {
      application-name = "ZugGeschmack.de";

      host             = "zuggeschmack.de";
      account-domain   = "zuggeschmack.de";

      accounts-allow-custom-css  = true;
      accounts-registration-open = true;

      instance-expose-peers         = true;
      instance-expose-suspended     = true;
      instance-expose-suspended-web = true;

      instance-languages            = [ "de" "en-us" ];

      media-local-max-size       = "50MiB";
      media-remote-max-size      = "50MiB";

      media-remote-cache-days    = 3;
      media-cleanup-from         = "01:00";

      smtp-host     = "hector.ctu.cx";
      smtp-port     = 587;
      smtp-username = "gts@zuggeschmack.de";
      smtp-from     = "gts@zuggeschmack.de";
    };
  };

  services.nginx.virtualHosts."client.zuggeschmack.de" = {
    useACMEHost = "${config.networking.fqdn}";
    forceSSL    = true;
    kTLS        = true;
    root        = pkgs.masto-fe-standalone;
    extraConfig = ''
      try_files $uri $uri/ /index.html;
    '';
  };

}