{ config, lib, pkgs, pkgs-unstable, ... }:

{
  imports = [ ./prod.nix ];

  services.lemmy-prod = {
    enable = true;
    server.package = pkgs.callPackage ./server.nix { Security = null; };
    ui.package = pkgs.callPackage ./ui.nix { };
    nginx.enable = true;
    database.createLocally = true;

    settings = {
      hostname = "awful.systems";
      setup = {
        admin_username = "self";
        admin_email = "self@awful.systems";
        site_name = "awful.systems";
      };
    };
  };

  sops.secrets."lemmy/initial_admin_password" = { };
  sops.secrets."lemmy/smtp_server" = { };
  sops.secrets."lemmy/smtp_login" = { };
  sops.secrets."lemmy/smtp_password" = { };
  sops.secrets."lemmy/smtp_from_address" = { };

  sops.templates.lemmy-prod.content = builtins.toJSON
    (config.services.lemmy-prod.settings // {
      setup = config.services.lemmy-prod.settings.setup // {
        admin_password = config.sops.placeholder."lemmy/initial_admin_password";
      };

      # email = {
      #   smtp_server = config.sops.placeholder."lemmy/smtp_server";
      #   smtp_login = config.sops.placeholder."lemmy/smtp_login";
      #   smtp_password = config.sops.placeholder."lemmy/smtp_password";
      #   smtp_from_address = config.sops.placeholder."lemmy/smtp_from_address";
      #   tls_type = "tls";
      # };
    });

  systemd.services.lemmy-prod = {
    serviceConfig = {
      User = "lemmy";
      Group = "lemmy";
      LoadCredential = ''lemmy-prod:${config.sops.templates.lemmy-prod.path}'';
    };

    environment = {
      LEMMY_CONFIG_LOCATION = lib.mkForce "%d/lemmy-prod";
      RUST_BACKTRACE = "full";
      LEMMY_DATABASE_URL =
        pkgs.lib.mkForce "postgres:///lemmy?host=/run/postgresql&user=lemmy";
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 ];
}