{ config, ... }:

{
  services.nginx.virtualHosts."matrix.${config.networking.domain}" = {
    default = true;
    quic = true;
    kTLS = true;
    forceSSL = true;
    enableACME = true;
    locations = {
      "/".return = "418 \"🫖\"";
      "~ ^(/_matrix|/_synapse/client)" = {
        recommendedProxySettings = true;
        proxyPass = "http://[::1]:8008";
        extraConfig = ''
          client_max_body_size 64M;
          proxy_set_header X-Request-ID $request_id;
          proxy_http_version 1.1;
        '';
      };
      "/metrics" = {
        return = "204 \"🔍️\"";
        extraConfig = ''
          allow 2001:678:760:cccb::14;
          allow 195.160.173.14;
          deny all;
      };
    };
  };
}