{ config, lib, pkgs, pkgs-unstable, ... }:

let
  cfg = config.matrix;
  helpers = import <top/helpers.nix> { inherit config lib pkgs; };
in
{
  options.matrix = {
    port = lib.mkOption {
      type = lib.types.int;
    };
    serverName = lib.mkOption {
      type = lib.types.str;
    };
    apiDomain = lib.mkOption {
      type = lib.types.str;
    };
  };

  config = {
    services = {
      matrix-conduit = {
        enable = true;
        package = pkgs-unstable.matrix-conduit;
        settings = {
          global = {
            server_name = cfg.serverName;
            port = cfg.port;
            address = "127.0.0.1"; # this is the default of conduit but the nixos service defaults to ::1
            database_backend = "rocksdb";
            enable_lightning_bolt = false;
            allow_registration = false;
          };
        };
      };

      nginx.virtualHosts.${cfg.apiDomain} = {
        enableACME = true;
        forceSSL = true;
        extraConfig = helpers.mkNginxConfig cfg.apiDomain;

        # TODO: add locations."/" with some message

        # Forward all Matrix API calls to the Conduit Matrix homeserver. A trailing slash
        # *must not* be used here.
        locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
      };

      # I don't really care about these nginx access logs. Conduit has its own
      # log anyway and with the default log rotation (weekly and delaycompress=true)
      # the access logs from last week took up ~800MB.
      logrotate.settings.matrix-nginx-access-log =
        (helpers.mkNginxAccessLogrotateSettings cfg.apiDomain)
        // {
          frequency = "daily";
          rotate = 14;
        };
    };
  };
}