{ config, lib, pkgs, ... }:

{
  services.matrix-conduit = {
    enable = true;

    extraEnvironment.RUST_BACKTRACE = "yes";
    settings.global = {
      server_name = "conduit.stuebinm.eu";
      trusted_servers = [  ]; # TODO what does this mean?
      port = 6167;
      allow_registration = false;
    };

  };

  services.nginx.virtualHosts."conduit.stuebinm.eu" = {
    locations."/_matrix/".proxyPass = "http://localhost:6167";
    enableACME = true;
    forceSSL = true;
    listen = [
      {
        addr = "[::]";
        port = 443;
        ssl = true;
      }
      {
        addr = "[::]";
        port = 8448;
        ssl = true;
      }
    ];
  };

  networking.firewall.allowedTCPPorts = [ 8448 ];
}