{ config, ... }:

{
  users.groups.continuwuity.members = [ "caddy" ];

  services.caddy.virtualHosts."matrix.wo2wz.fyi".extraConfig = ''
    import default-settings
    import cloudflare-tls

    reverse_proxy unix/${config.services.matrix-continuwuity.settings.global.unix_socket_path}
  '';

  services.matrix-continuwuity = {
    enable = true;
    settings = {
      global = {
        address = null;
        unix_socket_path = "/run/continuwuity/continuwuity.sock";
        unix_socket_perms = 660;

        server_name = "wo2wz.fyi";
        well_known = {
          client = "https://matrix.wo2wz.fyi";
          server = "matrix.wo2wz.fyi:443";
        };

        allow_registration = false;
        allow_encryption = true;
        allow_federation = true;
        trusted_servers = [ "matrix.org" ];

        new_user_displayname_suffix = "";
      };
    };
  };
}