{ config, ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts."matrix.nekover.se" = {
      forceSSL = true;
      enableACME = true;
      listen = [
        {
          addr = "0.0.0.0";
          port = 80;
        }
        {
          addr = "0.0.0.0";
          port = 8448;
          ssl = true;
        }
      ];
      locations."~ ^(/_matrix|/_synapse/client)" = {
        proxyPass = "http://localhost:8008";
        extraConfig = ''
          # Nginx by default only allows file uploads up to 1M in size
          # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
          client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
        '';
      };
      extraConfig = ''
        listen 0.0.0.0:8443 http2 ssl proxy_protocol;

        set_real_ip_from 10.202.41.100;
        real_ip_header proxy_protocol;
      '';
    };
  };
}