{ config, ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts."matrix.nekover.se" = {
      forceSSL = true;
      enableACME = true;
      listen = [
        {
          addr = "0.0.0.0";
          port = 80;
        }
        {
          addr = "0.0.0.0";
          port = 8448;
          ssl = true;
        }
      ];
      locations = {
        "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
          proxyPass = "http://127.0.0.1:8009";
          priority = 999;
        };
        "~ ^(/_matrix|/_synapse/client)" = {
          proxyPass = "http://127.0.0.1:8008";
          extraConfig = ''
            # Nginx by default only allows file uploads up to 1M in size
            # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
            client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
          '';
        };
      };
      extraConfig = ''
        listen 0.0.0.0:8443 http2 ssl proxy_protocol;

        set_real_ip_from 10.202.41.100;
        real_ip_header proxy_protocol;
      '';
    };
  };
}