# NixOS module configuring the GoToSocial instance "chaos-gts".
#
# Arguments:
#   hostPath - prefix under which data/containerAddresses.nix is found.
#   config   - NixOS configuration; only config.services.secrets.secrets
#              is read here.
{
  hostPath,
  config,
  ...
}: let
  inherit (config.services.secrets) secrets;

  # Address table shared with the host; supplies the proxy allow-list below.
  addresses = import "${hostPath}/data/containerAddresses.nix";

  # Decimal megabyte; the size limits below are written as plain integers.
  megabyte = 1000000;

  instanceSettings = {
    application-name = "chaos-gts";
    host = "gts-01.owo.monster";

    # Sign-ups are closed, so new accounts cannot be self-registered.
    accounts-registration-open = false;

    # only enable when testing out mastodon-api applications
    # that use instance version for api compatibility checks
    # instance-inject-mastodon-version = true;
  };

  networkSettings = {
    # Listens on every IPv4 interface, plain HTTP (letsencrypt is off).
    # NOTE(review): presumably TLS terminates on a reverse proxy in front of
    # this container; confirm port 8080 is reachable only from that proxy.
    bind-address = "0.0.0.0";
    port = 8080;
    letsencrypt-enabled = false;

    # Peers whose forwarded client-IP headers are believed. Every entry can
    # assert an arbitrary client address, so keep the list minimal.
    # NOTE(review): the last entry is the "social" container's own address;
    # confirm a proxy really connects from it, otherwise drop it.
    trusted-proxies = [
      "127.0.0.1/32"
      "::1"
      addresses.host
      addresses.containers.social
    ];
  };

  loggingSettings = {
    log-level = "info";
    # Client IPs stay out of the logs. Privacy-friendly, but abuse
    # investigations then depend on the fronting proxy's access logs.
    log-client-ip = false;
  };

  mailSettings = {
    smtp-host = "mail.owo.monster";
    smtp-port = 587;
    smtp-username = "gotosocial@owo.monster";
    # Left empty on purpose: the real password is set via env variables
    # (see environmentFile), so it is never written into this file.
    smtp-password = "";
    smtp-from = "gotosocial@owo.monster";
  };

  mediaSettings = {
    media-remote-cache-days = 2;

    # Integer limits, presumably bytes: 64 MB per image, 1024 MB per video.
    media-image-max-size = megabyte * 64;
    media-video-max-size = megabyte * 1024;
    media-description-max-chars = 4000;
    media-emoji-local-max-size = 102400;
    media-emoji-remote-max-size = 102400;
  };

  statusSettings = {
    statuses-cw-max-chars = 150;
    statuses-poll-max-options = 10;
    statuses-media-max-files = 8;
  };

  cacheSettings = {
    cache.memory-target = "256MiB";
  };
in {
  services.gotosocial = {
    enable = true;
    setupPostgresqlDB = true;

    # File path handed out by the secrets service; supplies the settings
    # that must not appear in plain text here (at least the SMTP password).
    environmentFile = secrets.env_secrets.path;

    # The groups have disjoint keys, so the merge order does not matter.
    settings =
      instanceSettings
      // networkSettings
      // loggingSettings
      // mailSettings
      // mediaSettings
      // statusSettings
      // cacheSettings;
  };
}