{ config, pkgs, ... }:

{
  services.matrix-synapse = {
    enable = true;
    settings = {
      server_name = "extremist.software";
      public_baseurl = "https://matrix.extremist.software";
      
      listeners = [
        {
          port = 8008;
          bind_addresses = [ "127.0.0.1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
      ];
      
      enable_registration = false;
      registration_shared_secret = "extremist_software_admin_creation";
      macaroon_secret_key = config.mySecrets.matrixMacaroon;
      database = {
        name = "psycopg2";
        allow_unsafe_locale = true;
        args = {
          user = "matrix-synapse";
          database = "matrix-synapse";
          host = "/run/postgresql";
          cp_min = 5;
          cp_max = 10;
        };
      };
    };
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "matrix-synapse" ];
    ensureUsers = [{
      name = "matrix-synapse";
      ensureDBOwnership = true;
    }];
  };
}