nixos/nixos/hosts/dis-sociat-ing/default.nix

{ inputs, pkgs, config, lib, ... }: {
  imports = [
    ../../templates/proxmox-lxc.nix
    ../../server.nix
    ../../features/dns-cache.nix
    inputs.iceshrimp.nixosModules.iceshrimp {}
  ];

  networking.hostName = "dis-sociat-ing";
  system.stateVersion = "24.05";
  nixpkgs.hostPlatform = "x86_64-linux";

  sops.secrets.db_password = {
    sopsFile = ../../../secrets/dis-sociat-ing/default.yaml;
    owner = config.services.iceshrimp.user;
    group = config.services.iceshrimp.group;
    mode = "0444";
  };

  sops.templates."secrets.yaml" = {
    content = (builtins.toJSON {
      db = {
        pass = config.sops.placeholder.db_password;
      };
    });
    owner = config.services.iceshrimp.user;
    group = config.services.iceshrimp.group;
  };


  services.iceshrimp = {
    enable = true;
    # package = inputs.iceshrimp-withdrawal.packages.${pkgs.system}.iceshrimp.withdrawal;
    settings = {
      url = "https://dis.sociat.ing";
      enableMetrics = true;
      maxNoteLength = 100000;
    };
    dbPasswordFile = config.sops.secrets.db_password.path;
    createDb = true;
    configureNginx.enable = false;
    secretConfig = config.sops.templates."secrets.yaml".path; 
  };

  services.postgresql.package = pkgs.postgresql_15;
  services.redis.servers.iceshrimp.logfile = "stdout";
  # boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
}