{ config, ... }:
{

  users.users.matrix-synapse = {
    isSystemUser = true;
    group = "matrix-synapse";
  };
  users.groups.matrix-synapse = { };

  sops.secrets."matrix-synapse/registration-shared-secret" = {
    mode = "440";
    owner = "matrix-synapse";
  };

  services.postgresql.enable = true;

  services.matrix-synapse = {
    enable = true;
    settings.server_name = "huwe.mooo.com";
    # The public base URL value must match the `base_url` value set in `clientConfig` above.
    # The default value here is based on `server_name`, so if your `server_name` is different
    # from the value of `fqdn` above, you will likely run into some mismatched domain names
    # in client applications.
    settings.public_baseurl = "https://huwe.mooo.com";
    settings.registration_shared_secret = "test";
    settings.listeners = [
      {
        port = 8008;
        bind_addresses = [ "::1" ];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [{
          names = [ "client" "federation" ];
          compress = true;
        }];
      }
    ];
    extraConfigFiles = [
      config.sops.secrets."matrix-synapse/registration-shared-secret".path
    ];
  };
}