{ config, pkgs, ... }: {
  sops.secrets."services/nyastodon/extraEnvFile" = {
    sopsFile = ../../secrets/services/nyastodon.yaml;
    owner = "mastodon";
  };
  sops.secrets."services/nyastodon/secretKeyBaseFile" = {
    sopsFile = ../../secrets/services/nyastodon.yaml;
    owner = "mastodon";
  };
  sops.secrets."services/nyastodon/otpSecretFile" = {
    sopsFile = ../../secrets/services/nyastodon.yaml;
    owner = "mastodon";
  };
  sops.secrets."services/nyastodon/vapidPrivateKeyFile" = {
    sopsFile = ../../secrets/services/nyastodon.yaml;
    owner = "mastodon";
  };
  sops.secrets."services/nyastodon/vapidPublicKeyFile" = {
    sopsFile = ../../secrets/services/nyastodon.yaml;
    owner = "mastodon";
  };
  services.mastodon = {
    enable = true;
    package = pkgs.nyastodon;
    localDomain = config.networking.fqdn; 
    configureNginx = true;
    smtp.fromAddress = "webmaster@girldick.gay"; 
    streamingProcesses = 16;
    extraEnvFiles = [ config.sops.secrets."services/nyastodon/extraEnvFile".path ];
    secretKeyBaseFile = config.sops.secrets."services/nyastodon/secretKeyBaseFile".path;
    otpSecretFile = config.sops.secrets."services/nyastodon/otpSecretFile".path;
    vapidPrivateKeyFile = config.sops.secrets."services/nyastodon/vapidPrivateKeyFile".path;
    vapidPublicKeyFile = config.sops.secrets."services/nyastodon/vapidPublicKeyFile".path;
  };
}