{ config, ... }:
let
  wellKnownLocations = [
    "/.well-known/webfinger"
    "/.well-known/host-meta"
    "/.well-known/nodeinfo"
  ];
  gtsConfig = config.services.gotosocial.settings;
in
{
  services.gotosocial = {
    enable = true;
    openFirewall = true;
    setupPostgresqlDB = true;
    settings = {
      applications-name = "Dala's personnal instance";
      host = "gts.dalaran.fr";
      account-domain = "dalaran.fr";
      bind-address = "localhost";
    };
  };

  services.nginx.virtualHosts = {
    "dalaran.fr".locations = builtins.listToAttrs (
      map (location: {
        name = location;
        value.return = "301 https://gts.dalaran.fr$request_uri";
      }) wellKnownLocations
    );

    "gts.dalaran.fr" = {
      enableACME = true;
      forceSSL = true;

      locations."/" = {
        recommendedProxySettings = true;
        proxyWebsockets = true;
        proxyPass = "http://${gtsConfig.bind-address}:${builtins.toString gtsConfig.port}";

        extraConfig = ''
          proxy_set_header Host $host;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
        '';
      };
    };
  };
}