_:
let
  server_name = "jdonszelmann.nl";
  port = 11001;
in  {
  services.nginx.virtualHosts.${server_name} = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      proxyPass = "http://[::1]:${port}";
      proxyWebsockets = true;
    };
  };

  services.matrix-synapse = {
    enable = true;
    settings = {
      inherit server_name;
      url_preview_enabled = true;

      url_preview_ip_range_blacklist = [
        "10.0.0.0/8"
        "100.64.0.0/10"
        "127.0.0.0/8"
        "169.254.0.0/16"
        "172.16.0.0/12"
        "192.0.0.0/24"
        "192.0.2.0/24"
        "192.168.0.0/16"
        "192.88.99.0/24"
        "198.18.0.0/15"
        "198.51.100.0/24"
        "2001:db8::/32"
        "203.0.113.0/24"
        "224.0.0.0/4"
        "::1/128"
        "fc00::/7"
        "fe80::/10"
        "fec0::/10"
        "ff00::/8"
      ];
    };
    extras = [
      "url-preview"
    ];
    settings.listeners = [
      {
        inherit port;
        bind_addresses = [ "::1" ];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [
              "client"
              "federation"
            ];
            compress = true;
          }
        ];
      }
    ];

    settings.database = {
      name = "psycopg2";
      args = {
        database = "matrix";
        user = "matrix";
      };
    };
  };
}