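# Matrix homeserver stack: Synapse, the sliding-sync proxy and a small static
# server for the .well-known discovery files. Everything runs as an OCI
# container and is published through Traefik via container labels.
{ config, ... }:
let
  # hostRule and havenisms come from the shared lib; here hostRule is used to
  # build the Traefik host match for the "chat" subdomain.
  inherit (import ../lib.nix config) hostRule havenisms;

  # Client paths that are routed to the sliding-sync proxy instead of Synapse.
  syncRule = "(PathPrefix(`/client/`) || PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`))";

  # Discovery documents are answered on both the apex and the chat host.
  wellKnownRule = "(Host(`havenisms.com`) || Host(`chat.havenisms.com`)) && PathPrefix(`/.well-known`)";
in
{
  # Both secrets end up in the proxy's env file, so a rotation restarts it.
  sops.secrets = {
    "matrix/syncv3/db-password" = {
      restartUnits = [ "podman-matrix-sliding-sync.service" ];
    };
    "matrix/syncv3/secret" = {
      restartUnits = [ "podman-matrix-sliding-sync.service" ];
    };
  };

  # Env file for the sliding-sync proxy. The sops placeholders are substituted
  # when the template is rendered, so the values are not written into this
  # expression.
  #
  # NOTE(review): sslmode=disable sends the database password and all queries
  # to `db` without TLS. That is only acceptable while this hop stays on a
  # private container network; confirm, or enable TLS on the database.
  # NOTE(review): the password is interpolated into a URL, so it must not
  # contain URL-reserved characters (@ : / ? #) unless it is percent-encoded.
  # NOTE(review): SYNCV3_SECRET protects the tokens the proxy stores;
  # presumably changing it invalidates existing data. Verify before rotating.
  sops.templates."matrix-sliding-sync.env".content = ''
    SYNCV3_SERVER=http://synapse:8008
    SYNCV3_DB=postgres://syncv3:${
      config.sops.placeholder."matrix/syncv3/db-password"
    }@db:5432/syncv3?sslmode=disable
    SYNCV3_SECRET=${config.sops.placeholder."matrix/syncv3/secret"}
    SYNCV3_BINDADDR=:8009
  '';

  # NOTE(review): every image below floats (":latest" or no tag), so a restart
  # or pull can silently change what runs. Pin each one to a released tag or an
  # image digest and update it deliberately.
  # NOTE(review): only synapse-federation names an entrypoint. Routers without
  # an entrypoints label are attached to Traefik's default entrypoints; confirm
  # that set is the intended exposure for the client and .well-known routes.
  virtualisation.oci-containers.containers = {
    synapse = {
      image = "docker.io/matrixdotorg/synapse:latest";
      autoStart = true;
      dependsOn = [ "db" ];
      # NOTE(review): /data presumably holds homeserver.yaml and the server
      # signing key. Keep the host directory readable only by the container
      # user and include it in backups.
      volumes = [ "/tank/config/synapse/data:/data" ];
      extraOptions = [
        "-l=traefik.enable=true"
        # Client traffic for the chat host, minus the paths owned by the
        # sliding-sync proxy and the .well-known server.
        "-l=traefik.http.routers.synapse.rule=${hostRule "chat" havenisms} && !(${syncRule} || ${wellKnownRule})"
        "-l=traefik.http.routers.synapse.service=synapse"
        "-l=traefik.http.services.synapse.loadbalancer.server.port=8008"
        # Federation forwarding
        # NOTE(review): this targets container port 8448 while the client
        # service uses 8008. Confirm Synapse really has a listener on 8448.
        "-l=traefik.http.routers.synapse-federation.rule=${hostRule "chat" havenisms}"
        "-l=traefik.http.routers.synapse-federation.service=synapse-federation"
        "-l=traefik.http.routers.synapse-federation.entrypoints=matrix-federation"
        "-l=traefik.http.services.synapse-federation.loadbalancer.server.port=8448"
      ];
    };

    # NOTE(review): upstream has, to my knowledge, deprecated this proxy in
    # favour of sliding sync built into Synapse. Verify whether the container
    # is still needed; an unmaintained image on ":latest" gets no fixes.
    matrix-sliding-sync = {
      image = "ghcr.io/matrix-org/sliding-sync:latest";
      dependsOn = [
        "db"
        "synapse"
      ];
      environmentFiles = [ config.sops.templates."matrix-sliding-sync.env".path ];
      extraOptions = [
        "-l=traefik.enable=true"
        "-l=traefik.http.routers.syncv3.rule=${hostRule "chat" havenisms} && ${syncRule}"
        "-l=traefik.http.services.syncv3.loadbalancer.server.port=8009"
      ];
    };

    # This server helps to serve the .well-known files that are required by
    # clients to find the sync server.
    matrix-well-known = {
      # Fully qualified like the other images, so the registry it is pulled
      # from does not depend on the host's short-name resolution settings.
      image = "docker.io/library/nginx";
      dependsOn = [ "synapse" ];
      # Mounted read-only: the container only serves these files.
      volumes = [ "/tank/config/synapse/static-files:/usr/share/nginx/html:ro" ];
      extraOptions = [
        "-l=traefik.enable=true"
        # /.well-known is stripped before the request reaches nginx, so the
        # files live directly under the static-files directory.
        "-l=traefik.http.middlewares.strip-well-known.stripprefix.prefixes=/.well-known"
        "-l=traefik.http.routers.matrix-well-known.rule=${wellKnownRule}"
        "-l=traefik.http.routers.matrix-well-known.middlewares=strip-well-known"
        "-l=traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
      ];
    };
  };
}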