{
  config,
  inputs,
  pkgs,
  ...
}: let
  domain = "lothlorien.social";
  akkomaPort = 4000;
  conduitPort = 6167;
in {
  networking.firewall.allowedTCPPorts = [akkomaPort conduitPort];

  services.postgresql = {
    package = pkgs.postgresql_16;
    enable = true;
    ensureDatabases = ["akkoma"];
    ensureUsers = [
      {
        name = "akkoma";
        ensureDBOwnership = true;
      }
    ];
  };

  services.akkoma = {
    enable = true;
    user = "akkoma";
    group = "akkoma";
    config = {
      ":pleroma" = {
        ":instance" = {
          description = "Personal instance";
          email = "jonni@liljamo.com"; # FIXME: maybe abuse@lothlorien.social?
          name = "Lothlórien";
          registrations_open = false;
        };

        "Pleroma.Repo" = {
          adapter = (pkgs.formats.elixirConf {}).lib.mkRaw "Ecto.Adapters.Postgres";
          socket_dir = "/run/postgresql";
          username = config.services.akkoma.user;
          database = "akkoma";
        };

        # FIXME: different subdomain as recommended.
        "Pleroma.Upload".base_url = "https://lothlorien.social/media/";

        "Pleroma.Web.Endpoint".http.ip = "0.0.0.0";
        "Pleroma.Web.Endpoint".http.port = akkomaPort;

        "Pleroma.Web.Endpoint".url.host = domain;
        "Pleroma.Web.Endpoint".url.port = 443;
      };
    };
  };

  services.matrix-conduit = {
    package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.conduwuit;
    enable = true;
    # https://github.com/girlbossceo/conduwuit/blob/main/conduwuit-example.toml
    settings.global = {
      address = "0.0.0.0";
      allow_check_for_updates = true;
      allow_encryption = true;
      allow_federation = true;
      allow_registration = false;
      database_backend = "rocksdb";
      max_request_size = 512000000;
      new_user_displayname_suffix = "";
      port = conduitPort;
      server_name = domain;
      trusted_servers = ["matrix.org"];
    };
  };

  system.stateVersion = "24.05";
}