nix-infra/config/hosts/web-public-2/virtualHosts/nekover.se.nix

{ ... }:
{
  services.nginx.virtualHosts."nekover.se" = {
    forceSSL = true;
    enableACME = true;
    listen = [{
      addr = "localhost";
      port = 8443;
      ssl = true;
      extraParameters = ["proxy_protocol"];
    }];
    locations."/.well-known/matrix/server" = {
      return = "200 '{\"m.server\": \"matrix.nekover.se:443\"}'";
      extraConfig = ''
        add_header Content-Type application/json;
      '';
    };
    locations."/.well-known/matrix/client" = {
      return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}, \"org.matrix.msc2965.authentication\": {\"issuer\": \"https://id.nekover.se/realms/nekoverse\", \"account\": \"https://id.nekover.se/realms/nekoverse/account/\"}}'";
      extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin *;
      '';
    };
    extraConfig = ''
      set_real_ip_from 127.0.0.1;
      real_ip_header proxy_protocol;
    '';
  };
}