{ config, pkgs, ... }:
let domain = config.networking.domain;
in {
  services = {
    dendrite = {
      enable = true;
      settings = let
        dburl = "postgres:///dendrite?host=/run/postgresql";
        workingDir = "/var/lib/dendrite"; # hardcoded in service
      in {
        app_service_api.database.connection_string = dburl;
        federation_api.database.connection_string = dburl;
        global = {
          server_name = domain;
          private_key = "${workingDir}/matrix_key.pem";
          trusted_third_party_id_servers = [ ];
        };
        key_server.database.connection_string = dburl;
        media_api.database.connection_string = dburl;
        mscs.database.connection_string = dburl;
        room_server.database.connection_string = dburl;
        sync_api.database.connection_string = dburl;
        user_api.account_database.connection_string = dburl;
        user_api.device_database.connection_string = dburl;
      };
    };

    nginx.virtualHosts.${domain}.locations."/_matrix".proxyPass = let
      port = toString config.services.dendrite.httpPort;
    in "http://localhost:${port}";

    postgresql = {
      enable = true;
      ensureDatabases = [ "dendrite" ];
      ensureUsers = [
        {
          name = "dendrite";
          ensurePermissions."DATABASE dendrite" = "ALL PRIVILEGES";
        }
      ];
      package = pkgs.postgresql;
    };
  };
}