{ pkgs, lib, config, ... }: { dns.zones."ctucx.de".subdomains.dendrite.CNAME = [ "${config.networking.fqdn}." ]; users.groups.dendrite = {}; users.users.dendrite = { isSystemUser = true; home = "/var/lib/dendrite"; group = "dendrite"; }; services.dendrite = { enable = true; openRegistration = false; settings = { global.server_name = "dendrite.ctucx.de"; global.private_key = "/var/lib/dendrite/private_key.pem"; global.well_known_server_name = "dendrite.ctucx.de:443"; global.well_known_client_name = "https://dendrite.ctucx.de"; client_api.registration_disabled = true; client_api.registration_shared_secret = "joihgpiufgpueiuessqiegp87tf-e8d7pgwiugbdpiugp87dfo87ugfodiujpfd87g97dpg97dp97"; }; }; services.nginx = { enable = true; virtualHosts = { "${config.services.dendrite.settings.global.server_name}" = { useACMEHost = "${config.networking.fqdn}"; forceSSL = true; kTLS = true; locations = { "/.well-known".proxyPass = "http://[::1]:8008"; "/_matrix".proxyPass = "http://[::1]:8008"; "/".root = pkgs.cinny.override { conf = { defaultHomeserver = 0; homeserverList = [ "${config.services.dendrite.settings.global.server_name}" ]; allowCustomHomesevrers = false; }; }; }; }; }; }; }