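# NixOS module: Matrix Synapse homeserver for xenia.me.uk, published through
# Caddy. Synapse listens on loopback only; Caddy is the sole public entry
# point and serves the .well-known delegation documents on the apex domain.
{ ... }:
let
  # Apex domain. This is the Matrix server_name (the part after ':' in user
  # IDs) and cannot be changed once accounts exist.
  baseUrl = "xenia.me.uk";
  # Host that actually serves the client and federation APIs.
  matrixHost = "matrix.${baseUrl}";
  # Loopback port shared by the Synapse listener and the Caddy upstream.
  port = 8008;
in
{
  imports = [ ./caddy.nix ];
  services = {
    matrix-synapse = {
      enable = true;
      settings = {
        server_name = baseUrl;
        # Must be a full URL including the scheme, and must match the
        # base_url advertised in /.well-known/matrix/client below.
        public_baseurl = "https://${matrixHost}/";
        listeners = [
          {
            inherit port;
            # Loopback only. x_forwarded below is safe solely because no
            # remote peer can reach this socket directly; if these addresses
            # are ever widened, clients could forge X-Forwarded-For and
            # defeat IP-based rate limiting and audit logging.
            bind_addresses = [
              "127.0.0.1"
              "::1"
            ];
            type = "http";
            # Plain HTTP on loopback; TLS is presumably terminated by Caddy
            # (configured in ./caddy.nix, not shown here) - confirm.
            tls = false;
            x_forwarded = true;
            resources = [
              {
                # The "client" resource also carries the /_synapse/admin API.
                # It stays reachable on loopback but is not published,
                # because Caddy below forwards only /_matrix/* and
                # /_synapse/client/*.
                names = [
                  "client"
                  "federation"
                ];
                compress = true;
              }
            ];
          }
        ];
      };
      # Referenced as a string (not a Nix path literal) so the secret is read
      # at runtime and never copied into the world-readable Nix store.
      # NOTE(review): the file name suggests it holds the registration shared
      # secret - confirm it is provisioned before the service starts and is
      # readable only by the Synapse service user.
      extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ];
    };
    caddy.virtualHosts = {
      # Delegation documents on the apex domain. The wildcard CORS header is
      # intentional: browser-based clients fetch these cross-origin and the
      # payload is public. Keep the header scoped to /.well-known/matrix/*.
      ${baseUrl}.extraConfig = ''
        header /.well-known/matrix/* Content-Type application/json
        header /.well-known/matrix/* Access-Control-Allow-Origin *
        respond /.well-known/matrix/server `{"m.server": "${matrixHost}:443"}`
        respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://${matrixHost}"}}`
      '';
      # Explicit path allow-list: anything not matched here (notably
      # /_synapse/admin/*) is never forwarded to Synapse.
      # toString is required: Nix refuses to interpolate an integer directly.
      ${matrixHost}.extraConfig = ''
        reverse_proxy /_matrix/* localhost:${toString port}
        reverse_proxy /_synapse/client/* localhost:${toString port}
      '';
    };
  };
}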