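# NixOS module: Synapse Matrix homeserver behind an nginx TLS reverse proxy.
#
# Synapse listens on plain HTTP on loopback only; nginx terminates TLS for
# `matrix.apiDomain` and forwards selected URL prefixes to it.
{ config, lib, pkgs, ... }:
let
  cfg = config.matrix;
in
{
  options.matrix = {
    port = lib.mkOption {
      # `types.port` (rather than a bare int) rejects values outside 0-65535
      # at evaluation time instead of failing when the service starts.
      type = lib.types.port;
      description = "Local TCP port the Synapse HTTP listener binds to on 127.0.0.1.";
    };
    serverName = lib.mkOption {
      type = lib.types.str;
      description = "Value written to Synapse's `server_name` setting.";
    };
    apiDomain = lib.mkOption {
      type = lib.types.str;
      description = "Host name of the nginx virtual host that proxies requests to Synapse.";
    };
  };

  config = {
    services = {
      matrix-synapse = {
        enable = true;
        settings = {
          server_name = cfg.serverName;
          listeners = [{
            # This listener matches the default of NixOS 24.11 (replicated here to make the port configurable).
            # Keep the bind address on loopback: the listener speaks plain HTTP
            # and trusts forwarded-client headers (see `x_forwarded` below), so
            # it must only be reachable through the local reverse proxy.
            bind_addresses = [ "127.0.0.1" ];
            port = cfg.port;
            resources = [
              {
                compress = true;
                names = [ "client" ];
              }
              {
                compress = false;
                names = [ "federation" ];
              }
            ];
            # TLS is terminated by the nginx virtual host below.
            tls = false;
            type = "http";
            # Synapse takes the client address from the X-Forwarded-For header.
            # NOTE(review): nginx has to set that header for this to be useful
            # (e.g. via services.nginx.recommendedProxySettings) - confirm it is
            # enabled elsewhere, otherwise every client may appear as 127.0.0.1
            # in logs and rate limiting.
            x_forwarded = true;
          }];
        };
      };

      # NOTE(review): services.nginx.enable is not set in this module;
      # presumably it is enabled elsewhere - confirm.
      nginx.virtualHosts.${cfg.apiDomain} = {
        enableACME = true;
        # Redirect plain-HTTP requests to HTTPS.
        forceSSL = true;

        # TODO: add locations."/" with some message

        # Only the two prefixes below are proxied; other Synapse paths such as
        # /_synapse/admin are not exposed through this virtual host. Keep it
        # that way unless remote admin API access is deliberately required.

        # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
        # *must not* be used here.
        locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
        # Forward requests for e.g. SSO and password-resets.
        locations."/_synapse/client".proxyPass = "http://127.0.0.1:${toString cfg.port}";
      };
    };
  };
}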