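# NixOS module: Matrix Synapse homeserver backed by a local PostgreSQL
# database and published through the shared Traefik reverse proxy.
{ pkgs, ... }:
let
  # Public DNS name of the homeserver: a bare host name, without a scheme.
  baseUrl = "matrix.xenia.me.uk";
  # Loopback port of Synapse's plain-HTTP listener; Traefik sits in front of it.
  port = 8008;
in
{
  imports = [ ../traefik/default.nix ];

  services.postgresql.enable = true;

  # SECURITY: pkgs.writeText places this script in the Nix store, which is
  # readable by every local user, so the role password below is not a secret
  # (and it is a guessable literal as well).
  # NOTE(review): if Synapse reaches PostgreSQL over the local Unix socket with
  # peer authentication (the database settings are not visible in this file;
  # confirm), drop the PASSWORD clause. Otherwise set the password out of band
  # from a secret file instead of embedding it here.
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '';

  services.matrix-synapse = {
    enable = true;
    settings = {
      # server_name is the domain part of user IDs and the federation identity,
      # so it must be a host name. The previous value carried an "https://"
      # prefix, which is a URL and not a valid server name.
      server_name = baseUrl;

      # URL that clients use to reach this homeserver. It must agree with the
      # base URL advertised to clients elsewhere, or client applications will
      # see mismatched domain names.
      public_baseurl = "https://${baseUrl}";

      listeners = [
        {
          inherit port;
          # Loopback only: the listener speaks plain HTTP and trusts
          # X-Forwarded-* headers, so it must not be reachable except through
          # the reverse proxy.
          bind_addresses = [ "::1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = true;
            }
          ];
        }
      ];
    };
  };

  services.traefik.dynamicConfigOptions.http = {
    # Router named after this service. It was previously called "gitea", which
    # would clash with a router of that name defined by another module.
    routers.synapse = {
      rule = "Host(`${baseUrl}`)";
      # NOTE(review): with `tls` set, Traefik serves this router for TLS
      # requests only; confirm the imported Traefik module redirects the
      # "http" entry point to "https".
      entryPoints = [ "http" "https" ];
      service = "synapse-service";
      tls = {
        certResolver = "default";
      };
    };

    # `port` is an integer; Nix does not coerce integers inside string
    # interpolation, so it is converted explicitly.
    # NOTE(review): Synapse binds only to ::1. If `localhost` resolves to
    # 127.0.0.1 alone on this host the backend is unreachable; confirm, or
    # target "[::1]" explicitly.
    services.synapse-service.loadBalancer.servers = [
      { url = "http://localhost:${toString port}"; }
    ];
  };
}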