{ config, lib, pkgs, pkgs-unstable, lemmy, lemmy-ui, ... }:

{
  imports = [ ./module.nix ];

  services.lemmy-prod = {
    enable = true;
    server.package =
      lemmy.packages.${pkgs.stdenv.hostPlatform.system}.lemmy-server;
    ui.package = lemmy-ui.packages.${pkgs.stdenv.hostPlatform.system}.lemmy-ui;
    nginx.enable = true;
    database.createLocally = true;

    settings = {
      hostname = "awful.systems";
      setup = {
        admin_username = "self";
        admin_email = "self@awful.systems";
        site_name = "awful.systems";
      };
    };
  };

  sops.secrets."lemmy/initial_admin_password" = { };
  sops.secrets."lemmy/smtp_server" = { };
  sops.secrets."lemmy/smtp_login" = { };
  sops.secrets."lemmy/smtp_password" = { };
  sops.secrets."lemmy/smtp_from_address" = { };

  sops.templates.lemmy-prod.content = builtins.toJSON
    (config.services.lemmy-prod.settings // {
      setup = config.services.lemmy-prod.settings.setup // {
        admin_password = config.sops.placeholder."lemmy/initial_admin_password";
      };

      email = {
        smtp_server = config.sops.placeholder."lemmy/smtp_server";
        smtp_login = config.sops.placeholder."lemmy/smtp_login";
        smtp_password = config.sops.placeholder."lemmy/smtp_password";
        smtp_from_address = config.sops.placeholder."lemmy/smtp_from_address";
        tls_type = "starttls";
      };
    });

  systemd.services.lemmy-prod = {
    serviceConfig = {
      User = "lemmy";
      Group = "lemmy";
      LoadCredential = "lemmy-prod:${config.sops.templates.lemmy-prod.path}";
    };

    environment = {
      LEMMY_CONFIG_LOCATION = lib.mkForce "%d/lemmy-prod";
      RUST_BACKTRACE = "full";
      LEMMY_DATABASE_URL =
        pkgs.lib.mkForce "postgres:///lemmy?host=/run/postgresql&user=lemmy";
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 ];
}