{ config, ... }:

let
  host = "social.dgnum.eu";
in
{
  services.mastodon = {
    enable = true;

    localDomain = host;
    smtp = {
      fromAddress = "noreply@infra.dgnum.eu";
      host = "kurisu.lahfa.xyz";
      port = 465;
      user = "web-services@infra.dgnum.eu";
      passwordFile = config.age.secrets.mastodon-smtp-password.path;
      authenticate = true;
    };

    streamingProcesses = 4;

    configureNginx = true;

    extraConfig = {
      # https://docs.codeberg.org/codeberg-pages/redirects/ is not yet active
      # LOCAL_DOMAIN = "dgnum.eu";
      WEB_DOMAIN = host;

      SMTP_TLS = "true";

      RAILS_LOG_LEVEL = "warn";

      # ObjectStorage configuration
      S3_ENABLED = "true";
      S3_BUCKET = "mastodon-dgnum";
      S3_REGION = "garage";
      S3_HOSTNAME = "s3.dgnum.eu";
      S3_ALIAS_HOST = "cdn.dgnum.eu";

      # TODO: Setup SAML & OIDC
      # OIDC_ENABLED = true;
      # SAML_ENABLED = true;
    };

    extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ];
  };

  age-secrets.autoMatch = [ "mastodon" ];
}