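# NixOS module: runs a Misskey instance for social.owo.monster behind nginx,
# backed by a local PostgreSQL database and a dedicated Redis server.
#
# Arguments:
#   pkgs - nixpkgs package set (must provide `misskey-static`).
#   tree - project module tree; supplies the home-manager profiles imported below.
{ pkgs, tree, ... }:
let
  ports = (import ../ports.nix { });

  misskeyDomain = "social.owo.monster";

  # Toolchain needed to install and build Misskey; shared by the build unit,
  # the runtime unit and the misskey user's home-manager profile.
  misskeyPackages = with pkgs; [
    nodejs
    yarn
    nodePackages.node-gyp
    python3
    pkg-config
    glib
    vips
    stdenv
  ];

  misskeyPackage = pkgs.misskey-static;

  # SECURITY: this is a fixed, guessable database password, and every place it
  # is interpolated below ends up in the Nix store: the generated default.yml
  # (builtins.toFile), the misskey-password unit script and the PostgreSQL
  # initialScript. The store is world-readable, so any local user can read it.
  # It is bound once here so it can be replaced in a single place; the proper
  # fix is to provision the credential at runtime from a file outside the
  # store, or to drop password authentication for this local-only connection.
  # The value is spliced into single-quoted SQL and a double-quoted shell
  # argument without escaping, so it must not contain quote characters.
  misskeyDbPassword = "password";

  misskeyConfig = {
    url = "https://${misskeyDomain}/";
    port = ports.misskey;
    id = "aid";

    db = {
      host = "localhost";
      port = "5432";
      db = "misskey";
      user = "misskey";
      pass = misskeyDbPassword;
    };

    redis = {
      host = "127.0.0.1";
      port = ports.misskey-redis;
    };

    clusterLimit = 4;
    outgoingAddressFamily = "dual";
  };

  # Rendered into the Nix store; it contains db.pass in clear text (see the
  # note on misskeyDbPassword).
  misskeyConfigFile = builtins.toFile "default.yml"
    (pkgs.lib.generators.toYAML { } misskeyConfig);
in {
  users.users."misskey" = {
    isNormalUser = true;
    createHome = true;
  };

  home-manager.users."misskey" = {
    home.packages = misskeyPackages;
    home.stateVersion = "22.05";
    imports = with tree; [ home.base home.dev.small ];
  };

  # Persistent upload directory, kept outside the rsync'd source tree so that
  # `rsync --delete` in misskey-files cannot remove uploaded files.
  systemd.tmpfiles.rules = [ "d /home/misskey/misskey-files - misskey users" ];

  # One-shot unit that copies the packaged Misskey source into the misskey
  # user's home, writes the generated config, and installs and builds it.
  #
  # SECURITY: no User= is set, so this script runs as root (the final chown
  # relies on that). `yarn install` and `yarn build` therefore run dependency
  # lifecycle scripts with root privileges and network access. Running the
  # install/build steps as the misskey user would contain a malicious or
  # compromised dependency; that needs the copied tree to be made writable
  # for that user first, so it is flagged here rather than changed.
  systemd.services.misskey-files = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    after = [ "home-manager-misskey.service" "network.target" ];
    path = with pkgs; [ bash git rsync ] ++ misskeyPackages;
    reloadTriggers = [ misskeyPackage misskeyConfigFile ];
    # `ln -sfn` replaces an existing `files` symlink instead of failing, so the
    # script stays re-runnable even if a previous link survives the rsync.
    script = ''
      mkdir -p /home/misskey/misskey || true
      rsync -avh ${misskeyPackage}/ /home/misskey/misskey/ --delete --exclude node_modules
      rm -rf /home/misskey/misskey/.config
      mkdir /home/misskey/misskey/.config
      cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml
      ln -sfn /home/misskey/misskey-files /home/misskey/misskey/files
      cd /home/misskey/misskey
      yarn install
      NODE_ENV=production yarn build
      chown -R misskey:users /home/misskey/misskey
    '';
  };

  # One-shot unit that (re)sets the database role's password before Misskey
  # starts. It runs psql as the misskey user with no host argument.
  # NOTE(review): presumably this relies on local peer authentication over the
  # PostgreSQL socket; confirm against pg_hba settings.
  systemd.services.misskey-password = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    wants = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
    script = ''
      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD '${misskeyDbPassword}';"
    '';
    serviceConfig.User = "misskey";
  };

  # The Misskey backend itself. Runs database migrations, then the built
  # server, as the unprivileged misskey user.
  # NOTE(review): no systemd sandboxing (e.g. NoNewPrivileges, ProtectSystem,
  # PrivateTmp) is configured for this network-facing service; consider adding
  # it after checking what Misskey needs at runtime.
  systemd.services.misskey = {
    wantedBy = [ "multi-user.target" ];
    after = [ "misskey-password.service" "misskey-files.service" ];
    wants = [ "postgresql.service" "redis-misskey.service" ];
    path = with pkgs; [ bash git ] ++ misskeyPackages;
    environment.NODE_ENV = "production";
    serviceConfig = {
      User = "misskey";
      WorkingDirectory = "/home/misskey/misskey";
      ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";
      ExecStart =
        "${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";
      #TimeoutSec = 60;
      #StandardOutput = "syslog";
      #StandardError = "syslog";
      #SyslogIdentifier = "misskey";
      #Restart = "always";
    };
  };

  # TLS-terminating reverse proxy; Misskey itself is only reached via loopback.
  services.nginx.virtualHosts."${misskeyDomain}" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${toString ports.misskey}";
        proxyWebsockets = true;
      };
    };
  };

  services.postgresql = {
    enable = true;
    ensureUsers = [{
      name = "misskey";
      ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
    }];
    ensureDatabases = [ "misskey" ];
    # Creates the role with the shared password; like default.yml, this script
    # is a store path and exposes the password to local users.
    initialScript = pkgs.writeText "init" ''
      create user misskey with password '${misskeyDbPassword}';
      grant all privileges on database misskey to misskey;
    '';
  };

  # Dedicated Redis instance for Misskey (unit name redis-misskey.service).
  # NOTE(review): no requirePass is set; this is only acceptable while the
  # server stays bound to loopback - confirm the effective bind address.
  services.redis.servers."misskey" = {
    enable = true;
    port = ports.misskey-redis;
  };
}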