{ pkgs, config, ... }:
let baseUrl = "https://matrix.xenia.me.uk";
in {
  imports = [ ../traefik/default.nix ];
  services.postgresql.enable = true;
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '';

  services.matrix-synapse = {
    enable = true;
    settings.server_name = baseUrl;
    # The public base URL value must match the `base_url` value set in `clientConfig` above.
    # The default value here is based on `server_name`, so if your `server_name` is different
    # from the value of `fqdn` above, you will likely run into some mismatched domain names
    # in client applications.
    settings.public_baseurl = baseUrl;
    settings.listeners = [{
      port = 8008;
      bind_addresses = [ "::1" ];
      type = "http";
      tls = false;
      x_forwarded = true;
      resources = [{
        names = [ "client" "federation" ];
        compress = true;
      }];
    }];
  };

  services.traefik.dynamicConfigOptions = {
    http = {
      routers.gitea = {
        rule = "Host(`${baseUrl}`)";
        entryPoints = [ "http" "https" ];
        service = "synapse-service";
        tls = { certResolver = "default"; };
      };
      services.synapse-service.loadBalancer.servers =
        [{ url = "http://localhost:8008"; }];
    };
  };
}