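# NixOS module: Matrix homeserver stack (Synapse, sliding-sync proxy, static
# .well-known server) run as OCI containers and routed by Traefik labels.
#
# Routing on the "chat" host, as expressed by the router rules below:
#   - syncRule paths       -> matrix_sliding_sync (port 8009)
#   - wellKnownRule paths  -> matrix_well_known   (port 80)
#   - everything else      -> synapse             (port 8008)
{ config, pkgs, ... }:
let
  # hostRule is defined in ./lib.nix (not shown here); it is used below to
  # build the host part of each Traefik router rule.
  inherit (import ./lib.nix config) hostRule;

  # Paths that must reach the sliding-sync proxy instead of Synapse.
  syncRule = "(PathPrefix(`/client/`) || PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`))";

  # Paths served from static files so clients can discover the sync server.
  wellKnownRule = "PathPrefix(`/.well-known`)";
in
{
  virtualisation.oci-containers.containers = {
    synapse = {
      # NOTE(review): ":latest" is a floating tag, so the running code changes
      # whenever the image is re-pulled. Pin a release tag or digest so that
      # upgrades are deliberate and reproducible.
      image = "docker.io/matrixdotorg/synapse:latest";
      autoStart = true;
      dependsOn = [ "db" ];
      volumes = [
        "/tank/config/synapse/data:/data"
      ];
      # NOTE(review): this publishes 8008 on the host in addition to the
      # Traefik route. Unless the host firewall restricts it, Synapse is
      # reachable directly, bypassing Traefik. Confirm whether the mapping is
      # needed; if it is, consider binding it to a loopback address.
      ports = [ "8008:8008/tcp" ];
      extraOptions = [
        "-l=traefik.enable=true"
        # Synapse handles everything on the host except sync and .well-known.
        "-l=traefik.http.routers.synapse.rule=${hostRule "chat"} && !(${syncRule} || ${wellKnownRule})"
        "-l=traefik.http.services.synapse.loadbalancer.server.port=8008"
      ];
    };

    matrix_sliding_sync = {
      # NOTE(review): floating tag; pin a release tag or digest.
      image = "ghcr.io/matrix-org/sliding-sync:latest";
      dependsOn = [ "db" ];
      # NOTE(review): same direct-exposure concern as the Synapse port above.
      ports = [ "8009:8009" ];
      environment = {
        SYNCV3_SERVER = "http://synapse:8008";
        SYNCV3_BINDADDR = ":8009";
      };
      # SYNCV3_DB (the PostgreSQL connection string, including the password)
      # and SYNCV3_SECRET are read from an environment file at container start
      # instead of being written in this module. Anything written here is
      # copied into /nix/store, which every local user can read, and is kept
      # in version control history.
      #
      # The path is a PLACEHOLDER: provision the file out of band (for example
      # with a secrets tool such as sops-nix or agenix), owned by root with
      # mode 0400. Keep it a string, not a Nix path literal, so the file is
      # not copied into the store.
      #
      # Expected contents (constructed sample, not real values):
      #   SYNCV3_DB=postgres://syncv3:<password>@db:5432/syncv3?sslmode=disable
      #   SYNCV3_SECRET=<random secret>
      #
      # The values that were previously committed inline should be treated as
      # exposed and rotated.
      # NOTE(review): sslmode=disable leaves the database connection
      # unencrypted. That is only reasonable if traffic to "db" never leaves
      # the local container network - confirm.
      environmentFiles = [
        "/run/secrets/PLACEHOLDER-sliding-sync.env"
      ];
      extraOptions = [
        "-l=traefik.enable=true"
        "-l=traefik.http.routers.syncv3.rule=${hostRule "chat"} && ${syncRule}"
        "-l=traefik.http.services.syncv3.loadbalancer.server.port=8009"
      ];
    };

    # This server helps to serve the .well-known files that are required by
    # clients to find the sync server.
    matrix_well_known = {
      # NOTE(review): no registry, tag or digest is given; pin the image.
      image = "nginx";
      # Only a container port is given, so the runtime chooses the host port.
      # NOTE(review): Traefik is pointed at port 80 by the label below, so
      # this host mapping may be unnecessary - confirm.
      ports = [ "80" ];
      volumes = [
        # Mounted read-only: the web server cannot modify the served files.
        "/tank/config/synapse/static-files:/usr/share/nginx/html:ro"
      ];
      extraOptions = [
        "-l=traefik.enable=true"
        "-l=traefik.http.routers.matrix-static.rule=${hostRule "chat"} && ${wellKnownRule}"
        "-l=traefik.http.services.matrix-static.loadbalancer.server.port=80"
      ];
    };
  };
}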