{ config, ... }:
{
  config = {
    custom.cifs-mounts = [ "gotosocial" ];
    services.gotosocial = {
      enable = true;
      settings = {
        log-level = "debug";
        host = "xinyang.life";
        letsencrypt-enabled = false;
        bind-address = "localhost";
        instance-expose-public-timeline = true;
        oidc-enabled = true;
        oidc-idp-name = "Kanidm";
        oidc-issuer = "https://auth.xinyang.life/oauth2/openid/gts";
        oidc-client-id = "gts";
        oidc-link-existing = true;
        storage-local-base-path = "/mnt/storage/gotosocial/storage";
      };
      environmentFile = config.sops.secrets.gts_env.path;
    };

    services.caddy.enable = true;
    services.caddy.virtualHosts."xinyang.life:443".extraConfig = ''
      tls internal
      encode zstd gzip
      reverse_proxy /.well-known/matrix/* localhost:6167
      reverse_proxy * http://localhost:8080 {
          flush_interval -1
      }
    '';
  };
}