# NixOS module: Matrix Synapse homeserver for feal.no, run in worker mode
# with the module-generated nginx front end, a local Redis instance and a
# sops-managed registration secret.
{ config, pkgs, lib, ... }:

let
  # Only referenced by the disabled manual listener / proxy setup that is
  # kept in comments further down.
  main_ip = "127.0.1.2";
in
{
  # The secret is decrypted by sops-nix and handed to the Synapse service
  # account; Synapse is restarted whenever the secret changes.
  sops.secrets."matrix/synapse/registrationsecret" = {
    owner = "matrix-synapse";
    group = "matrix-synapse";
    restartUnits = [ "matrix-synapse.service" ];
  };

  # Only HTTP and HTTPS are opened on the host firewall by this module.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services = {
    matrix-synapse-next = {
      enable = true;
      enableNginx = true;

      workers = {
        federationSenders = 1;
        federationReceivers = 2;
        initialSyncers = 1;
        normalSyncers = 1;
        eventPersisters = 1;
        useUserDirectoryWorker = true;
      };

      # Loaded as an additional config file at runtime, so the secret value
      # is referenced by path and never written into the world-readable
      # Nix store.
      extraConfigFiles = [
        config.sops.secrets."matrix/synapse/registrationsecret".path
      ];

      settings = {
        server_name = "feal.no";
        public_baseurl = "https://matrix.feal.no";

        database = { name = "psycopg2"; };

        autocreate_auto_join_rooms = false;
        max_upload_size = "50M";

        # Presumably supplied by the sops file listed in extraConfigFiles;
        # do not set it inline here.
        #registration_shared_secret = "do_not_put_secret_here_use_extraConfigFiles";

        # NOTE(review): verify_keys is empty, so no signing key is pinned
        # for matrix.org and trust in its notary responses appears to rest
        # on the TLS connection alone - confirm this is intended.
        trusted_key_servers = [
          { server_name = "matrix.org"; verify_keys = { }; }
        ];

        # Open sign-up is off.
        enable_registration = false;
        use_presence = true;

        # URL previews make the server fetch user-supplied URLs, so the
        # ranges below keep those fetches away from loopback, private,
        # link-local, documentation and multicast space (SSRF guard).
        # NOTE(review): the list is a static copy of the Synapse example
        # config; compare it with the current upstream sample and add any
        # internal ranges specific to this network.
        url_preview_enabled = true;
        url_preview_ip_range_blacklist = [
          "127.0.0.0/8"
          "10.0.0.0/8"
          "172.16.0.0/12"
          "192.168.0.0/16"
          "100.64.0.0/10"
          "192.0.0.0/24"
          "169.254.0.0/16"
          "192.88.99.0/24"
          "198.18.0.0/15"
          "192.0.2.0/24"
          "198.51.100.0/24"
          "203.0.113.0/24"
          "224.0.0.0/4"
          "::1/128"
          "fe80::/10"
          "fc00::/7"
          "2001:db8::/32"
          "ff00::/8"
          "fec0::/10"
        ];

        # NOTE(review): the "ssl-snakeoil" directory name suggests a
        # self-signed placeholder certificate - confirm where the publicly
        # trusted certificate for matrix.feal.no is actually served.
        tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
        tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";

        # Disabled manual listener definition, kept for reference:
        # listeners = [
        #   { port = 8008;
        #     bind_addresses = [ main_ip ];
        #     type = "http";
        #     tls = false;
        #     x_forwarded = true;
        #     resources = [
        #       { names = [ "client" ]; compress = true; }
        #       { names = [ "federation" ]; compress = true; }
        #     ];
        #   }
        # ];
      };
    };

    # Unnamed (default) Redis instance.
    # NOTE(review): presumably used by the Synapse workers and reachable
    # only locally - confirm its bind address and authentication settings.
    redis.servers."".enable = true;

    # mkForce overrides any ACME / forced-HTTPS setting other modules apply
    # to this vhost.
    # NOTE(review): with both forced to false this vhost has no TLS of its
    # own while public_baseurl advertises https; presumably TLS terminates
    # on an upstream proxy - confirm, otherwise access tokens and passwords
    # cross the network in clear text.
    nginx.virtualHosts."matrix.feal.no" = {
      enableACME = lib.mkForce false;
      forceSSL = lib.mkForce false;
      # sslCertificate = "/etc/ssl-snakeoil/matrix_feal_no.crt";
      # sslKey = "/etc/ssl-snakeoil/matrix_feal_no.key";
    };
  };

  # Disabled hand-written nginx reverse proxy, kept for reference:
  # services.nginx = {
  #   enable = true;
  #   enableReload = true;
  #   recommendedOptimisation = true;
  #   recommendedGzipSettings = true;
  #   recommendedProxySettings = true;
  #   virtualHosts."matrix.feal.no" = {
  #     locations."/_matrix" = {
  #       proxyPass = "http://${main_ip}:8008";
  #       extraConfig = ''
  #         client_max_body_size 50M;
  #       '';
  #     };
  #     # locations."/_synapse/client".proxyPass = "http://${main_ip}:8008";
  #     locations."/" = {
  #       proxyPass = "http://${main_ip}:8008";
  #     };
  #   };
  # };
}