{
    config,
    pkgs,
    inputs,
    ...
}: let
    caddyConfig = ''
        reverse_proxy /_matrix/* localhost:6167
        header /.well-known/matrix/* Content-Type application/json
        header /.well-known/matrix/* Access-Control-Allow-Origin *
        respond /.well-known/matrix/server `{"m.server": "m.jacekpoz.pl:443"}`
        respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://m.jacekpoz.pl"}}`
    '';
in {
    services.matrix-conduit = {
        enable = true;

        package = inputs.conduit.packages.${pkgs.system}.default;

        settings.global = {
            server_name = "jacekpoz.pl";
            database_backend = "rocksdb";
            port = 6167;
            max_request_size = 100000000;
            rocksdb_max_open_files = 20;
        };
    };

    services.caddy = {
        enable = true;
        virtualHosts."m.jacekpoz.pl".extraConfig = caddyConfig;
        virtualHosts."jacekpoz.pl:8448".extraConfig = caddyConfig;
    };

    networking.firewall.allowedTCPPorts = [ 80 443 6167 8448 ];
    networking.firewall.allowedUDPPorts = [ 80 443 6167 8448 ];
}