# NixOS module: single-user Mastodon instance, applied only on the host "nixnas".
#
# Exposure, as configured below:
#   * The nginx virtual host answers plain HTTP (forceSSL and enableACME are both
#     off) on 127.0.0.1 and 10.100.0.2, port 5328.
#   * The firewall opens that port only on the interface named by
#     config.cos.wireguard.interface.
#   * Requests are passed to Mastodon with X-Forwarded-Proto fixed to "https",
#     whatever scheme the request arrived on.
# NOTE(review): this presumably relies on a TLS-terminating reverse proxy at
# 10.100.0.1 on the other end of the WireGuard tunnel; confirm. If the port ever
# becomes reachable from another interface, plaintext requests would be presented
# to Mastodon as HTTPS.
{ config, lib, ... }:
let
  listenPort = 5328;
  webDomain = "mastodon.claytonhickey.me";
  # Order matters only for the generated config; it matches the original list.
  listenAddrs = [ "10.100.0.2" "127.0.0.1" ];
in
{
  config = lib.mkMerge [
    (lib.mkIf (config.networking.hostName == "nixnas") {
      services.mastodon = {
        enable = true;
        localDomain = "claytonhickey.me";
        smtp.fromAddress = "mastodon@claytonhickey.me";
        streamingProcesses = 3;
        extraConfig = {
          SINGLE_USER_MODE = "true";
          WEB_DOMAIN = webDomain;
        };
        # Disabled alternative kept from the original: serve the web process on a
        # TCP port instead of the unix socket.
        # webPort = listenPort;
        # enableUnixSocket = false;

        # Proxies whose forwarded headers Mastodon accepts when working out the
        # client address. Keep this to the hosts that really sit in front of the
        # instance: every extra entry is another hop allowed to assert a client IP,
        # which feeds into logs and per-IP limits.
        trustedProxy = "127.0.0.1,10.100.0.1";
        configureNginx = true;
      };

      # Only the WireGuard interface gets the port; no other interface is opened
      # by this module.
      networking.firewall.interfaces.${config.cos.wireguard.interface}.allowedTCPPorts =
        [ listenPort ];

      services.nginx.virtualHosts."${config.services.mastodon.localDomain}" = {
        # No TLS on this hop (see the header note).
        forceSSL = false;
        enableACME = false;
        serverName = webDomain;
        listen = map (addr: { inherit addr; port = listenPort; }) listenAddrs;

        # Disabled override kept from the original: proxy "/" straight to the
        # web socket.
        # locations."/" = {
        #   proxyPass = "http://unix:/run/mastodon-web/web.socket";
        #   tryFiles = lib.mkForce null;
        # };

        locations."@proxy" = {
          # The proxy headers are spelled out by hand below instead of taking the
          # module's recommended set.
          recommendedProxySettings = false;
          # Notes on the directives in the string:
          #   * X-Forwarded-For appends this hop's peer address to whatever the
          #     client or upstream proxy sent; X-Real-IP is this hop's peer address.
          #   * `Proxy ""` blanks the client's Proxy request header before it
          #     reaches the application (the "httpoxy" hardening).
          #   * $connection_upgrade is not defined in this file.
          #     NOTE(review): assumes the nginx module or other config provides
          #     the map for it; confirm.
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Proxy "";
            proxy_pass_header Server;
            proxy_buffering on;
            proxy_redirect off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            tcp_nodelay on;
          '';
        };
      };
    })
  ];
}