{ config, pkgs, lib, mkDomain, ... }:
{
  # matrix-synapse
  /**/
  services.matrix-synapse = {
    #enable = true;
    settings = {
        server_name = "${config.networking.domain}"
        public_baseurl = mkDomain "matrix";
        url_preview_enabled = false;
        max_upload_size = "100M";
        trusted_key_servers = [
            {server_name = "matrix.org";}
            {server_name = "dodsorf.as";}
            {server_name = "pvv.ntnu.no";}
        ];
        listeners = [
          {
            bind_addresses = [
              "127.0.0.1"
            ];
            port = 8008;
            resources = [
              {
                compress = true;
                names = [
                  "client"
                ];
              }
              {
                compress = false;
                names = [
                  "federation"
                ];
              }
            ];
            tls = false;
            type = "http";
            x_forwarded = true;
          }
        ];
    };
  };
  services.nginx.virtualHosts.${mkDomain "matrix"} = lib.mkIf config.services.matrix-synapse.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/_matrix" = {
      proxyPass = "http://127.0.0.1:${toString (builtins.elemAt 0 config.services.matrix-synaps.listeners).port}";
      #proxyWebsockets = true;
      extraConfig = ''
        client_max_body_size ${config.services.matrix-synaps.max_upload_size};
      '';
    };
    locations."/_synapse/client" = {
      proxyPass = "http://127.0.0.1:${toString (builtins.elemAt 0 config.services.matrix-synaps.listeners).port}/_synapse/client";
      #proxyWebsockets = true;
    };
  };
  /**/
}