{
  hostPath,
  config,
  ...
}: let
  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.social;

  inherit (config.services.secrets) secrets;
in {
  services.gotosocial = {
    enable = true;
    setupPostgresqlDB = false;
    environmentFile = secrets.env_secrets.path;

    settings = {
      application-name = "chaos-gts";
      host = "gts-02.owo.monster";
      bind-address = "0.0.0.0";

      log-level = "info";
      log-client-ip = true;

      db-type = "postgres";
      db-user = "gotosocial";
      db-database = "gotosocial";
      db-address = "${containerAddresses.containers.postgresql}";

      trusted-proxies = [
        "127.0.0.1/32"
        "::1"
        hostIP
        containerIP
      ];

      port = 8080;
      letsencrypt-enabled = false;

      accounts-registration-open = false;

      smtp-host = "mail.owo.monster";
      smtp-port = 587;
      smtp-from = "gotosocial@owo.monster";
      smtp-username = "gotosocial@owo.monster";
      smtp-password = ""; # set via env variables

      instance-languages = ["en" "de"];

      media-image-max-size = "64MB";
      media-video-max-size = "1024MB";
      media-description-max-chars = 4000;
      media-emoji-local-max-size = "4MB";
      media-emoji-remote-max-size = "2MB";

      media-remote-cache-days = 1;
      media-cleanup-every = "6h";

      statuses-poll-max-options = 10;
      statuses-media-max-files = 8;

      advanced-rate-limit-requests = 0;

      # only enable when testing out mastodon-api applications
      # that use instance version for api compatibility checks
      # instance-inject-mastodon-version = true;

      cache = {
        memory-target = "128MiB";
      };
    };
  };
}