{
  config,
  pkgs,
  ...
}: let
  domain = "sondell.org";
  hostName = "matrix";
  fqdn = "${hostName}.${domain}";
  baseUrl = "https://${fqdn}";
  clientConfig."m.homeserver".base_url = baseUrl;
  serverConfig."m.server" = "${fqdn}:443";
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
in {
  #
  services.matrix-synapse = {
    enable = true;
    settings.enable_registration = true;
    settings.enable_registration_without_verification = true;
    settings.server_name = domain;
    settings.public_baseurl = baseUrl;
    settings.listeners = [
      {
        port = 8008;
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = ["client" "federation"];
            compress = true;
          }
        ];
      }
    ];
  };

  services.postgresql = {
    enable = true;
    initialScript = pkgs.writeText "synapse-init.sql" ''
      CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
      CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
        TEMPLATE template0
        LC_COLLATE = "C"
        LC_CTYPE = "C";
    '';
  };

  services.nginx.virtualHosts = {
    ${fqdn} = {
      # locations."/".extraConfig = ''
      #   return 404;
      # '';
      # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
      # *must not* be used here.
      locations."/_matrix".proxyPass = "http://[::1]:8008";
      # Forward requests for e.g. SSO and password-resets.
      locations."/_synapse/client".proxyPass = "http://[::1]:8008";
    };

    ${domain} = {
      enableACME = true;
      # locations."/" = {
      #   proxyPass = "http://localhost:8008";
      # };
      # This section is not needed if the server_name of matrix-synapse is equal to
      # the domain (i.e. example.org from @foo:example.org) and the federation port
      # is 8448.
      # Further reference can be found in the docs about delegation under
      # https://element-hq.github.io/synapse/latest/delegate.html
      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
      # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
      # Further reference can be found in the upstream docs at
      # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
    };
  };
}