{ pkgs, lib, config, ... }:

{

  dns.zones."ctucx.de".subdomains.dendrite.CNAME = [ "${config.networking.fqdn}." ];

  users.groups.dendrite = {};
  users.users.dendrite = {
    isSystemUser = true;
    home = "/var/lib/dendrite";
    group = "dendrite";
  };

  services.dendrite = {
    enable = true;
    openRegistration = false;
    settings = {
      global.server_name = "dendrite.ctucx.de";
      global.private_key = "/var/lib/dendrite/private_key.pem";

      global.well_known_server_name = "dendrite.ctucx.de:443";
      global.well_known_client_name = "https://dendrite.ctucx.de";

      client_api.registration_disabled = true;
      client_api.registration_shared_secret = "joihgpiufgpueiuessqiegp87tf-e8d7pgwiugbdpiugp87dfo87ugfodiujpfd87g97dpg97dp97";
    };
  };

  services.nginx = {
    enable       = true;
    virtualHosts = {
      "${config.services.dendrite.settings.global.server_name}" = {
        useACMEHost = "${config.networking.fqdn}";
        forceSSL    = true;
        kTLS        = true;
        locations   = {
          "/.well-known".proxyPass = "http://[::1]:8008";
          "/_matrix".proxyPass = "http://[::1]:8008";
          "/".root             = pkgs.cinny.override {
            conf = {
              defaultHomeserver = 0;
              homeserverList    = [ "${config.services.dendrite.settings.global.server_name}" ];
              allowCustomHomesevrers = false;
            };
          };
        };
      };

    };
  };

}