{config, ...}: let
  cfg = config.services.matrix-conduit;
  domain = "matrix.${config.services.nginx.domain}";
in {
  services.matrix-conduit = {
    enable = true;
    settings.global = {
      address = "127.0.0.1";
      server_name = domain;
      database_backend = "rocksdb";
    };
  };

  services.nginx.virtualHosts."${domain}" = {
    enableACME = true;

    listen = [
      {
        addr = "0.0.0.0";
        port = 443;
        ssl = true;
      }
      {
        addr = "[::0]";
        port = 443;
        ssl = true;
      }
      {
        addr = "0.0.0.0";
        port = 8448;
        ssl = true;
      }
      {
        addr = "[::0]";
        port = 8488;
        ssl = true;
      }
    ];

    addSSL = true;
    extraConfig = ''
      merge_slashes off;
    '';

    locations."/_matrix" = {
      proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
      # Recommended by conduit
      extraConfig = ''
        proxy_buffering off;
      '';
    };
  };
}