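# NixOS module: nginx front end for a Matrix homeserver (Synapse).
#
# Declares two virtual hosts:
#   * matrix.<domain> - reverse-proxies every path to the Synapse listener.
#   * <domain>        - serves the Matrix .well-known delegation documents and
#                       proxies /_matrix and /_synapse to the same listener.
{ pkgs, config, ... }:
let
  domain = config.networking.domain;

  # Upstream Synapse listener shared by every proxied location (plain HTTP).
  # NOTE(review): this address is outside the RFC 1918 private ranges. If the
  # path between nginx and the upstream is not a private link or tunnel,
  # access tokens and message traffic cross it unencrypted - confirm, or use
  # a TLS-protected / tunnelled upstream.
  synapseUpstream = "http://32.54.31.241:8008";

  # Payload of /.well-known/matrix/client: tells clients where the homeserver is.
  clientConfig."m.homeserver".base_url = "https://matrix.${domain}";

  # Payload of /.well-known/matrix/server: federation delegation target.
  serverConfig."m.server" = "${domain}:443";

  # Build the nginx directives that answer a request with `data` as JSON.
  # The wildcard CORS header lets browser-based clients on any origin read
  # these (public) discovery documents.
  # The JSON is placed inside a single-quoted nginx string, so `data` must not
  # contain a single quote; here it is derived only from
  # config.networking.domain.
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
in
{
  services.nginx = {
    virtualHosts = {
      "matrix.${domain}" = {
        forceSSL = true;
        enableACME = true;

        # Everything is forwarded, which includes Synapse's admin API under
        # /_synapse/admin.
        # NOTE(review): Synapse's reverse-proxy guidance advises against
        # exposing /_synapse/admin to the public internet without good
        # reason - consider denying it here or limiting it to trusted
        # source addresses.
        locations."/".proxyPass = synapseUpstream;

        # NOTE(review): 9000M lets nginx accept request bodies of roughly 9 GB
        # on this host; confirm it is intentional and consistent with
        # Synapse's max_upload_size, since oversized bodies consume proxy
        # disk and bandwidth before the homeserver can reject them.
        # The json_analytics log format is not defined in this module and is
        # presumably declared elsewhere.
        extraConfig = ''
          client_max_body_size 9000M;
          access_log /var/log/nginx/$server_name-access.log json_analytics;
        '';
      };

      # NOTE(review): no forceSSL / enableACME is set for this host in this
      # module, yet the documents below advertise https and port 443. Matrix
      # discovery is performed over HTTPS - confirm TLS for this host is
      # configured in another module.
      "${domain}" = {
        locations = {
          # well known paths for matrix
          "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
          "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;

          "/_matrix".proxyPass = synapseUpstream;

          # NOTE(review): this prefix also covers /_synapse/admin; narrowing it
          # to /_synapse/client would keep the admin API off this host.
          "/_synapse".proxyPass = synapseUpstream;
        };
      };
    };
  };
}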