diff --git a/services/matrix/default.nix b/services/matrix/default.nix
new file mode 100644
index 00000000..c3acd3a7
--- /dev/null
+++ b/services/matrix/default.nix
@@ -0,0 +1,47 @@
+{ pkgs, config, ... }:
+let baseUrl = "https://matrix.xenia.me.uk";
+in {
+ imports = [ ../traefik/default.nix ];
+ services.postgresql.enable = true;
+ services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
+
+ services.matrix-synapse = {
+ enable = true;
+ settings.server_name = baseUrl;
+ # The public base URL value must match the `base_url` value set in `clientConfig` above.
+ # The default value here is based on `server_name`, so if your `server_name` is different
+ # from the value of `fqdn` above, you will likely run into some mismatched domain names
+ # in client applications.
+ settings.public_baseurl = baseUrl;
+ settings.listeners = [{
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [{
+ names = [ "client" "federation" ];
+ compress = true;
+ }];
+ }];
+ };
+
+ services.traefik.dynamicConfigOptions = {
+ http = {
+ routers.gitea = {
+ rule = "Host(`${baseUrl}`)";
+ entryPoints = [ "http" "https" ];
+ service = "synapse-service";
+ tls = { certResolver = "default"; };
+ };
+ services.synapse-service.loadBalancer.servers =
+ [{ url = "http://localhost:8008"; }];
+ };
+ };
+}
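Review bot: The `initialScript` hard-codes the role password `'synapse'`, and `pkgs.writeText` places it in the world-readable Nix store, so any local account that can reach PostgreSQL with password authentication (depends on `pg_hba` settings not shown here) could log in as the database owner. Because the role name matches the service user, `CREATE ROLE "matrix-synapse" WITH LOGIN;` with peer authentication would avoid storing a secret at all, assuming Synapse connects over the unix socket — confirm. Separately, `baseUrl` includes the `https://` scheme but is reused for `settings.server_name` and inside the traefik `Host(...)` rule, both of which expect a bare hostname, so the router would presumably never match; since `server_name` is hard to change once the database is initialised, a separate `fqdn = "matrix.xenia.me.uk";` binding for those two uses is worth adding before first deploy. The router is declared as `routers.gitea`, which looks like a copy-paste leftover and may clash with a real Gitea router defined elsewhere; `routers.synapse` would be safer. Finally, listing the `"http"` entry point lets client traffic carrying access tokens travel in plaintext unless a redirect is configured outside this file, and the comment block refers to `clientConfig` and `fqdn` "above", which do not exist in this file.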