{
  pkgs,
  lib,
  config,
  ...
}:
let

  settingsFormat = pkgs.formats.yaml { };
  configurationYaml = settingsFormat.generate "dendrite.yaml" settings;
  workingDir = "/var/lib/dendrite";

  environmentFile = config.sops.secrets.dendrite-env.path;

  httpPort = 8008;

  settings = {
    version = 2;
    global = {
      server_name = "boskma.frl";
      private_key = "$CREDENTIALS_DIRECTORY/private_key";

      database = {
        connection_string = "postgresql:///dendrite?host=/run/postgresql";
        max_open_conns = 90;
        max_idle_conns = 5;
        conn_max_lifetime = -1;
      };

      trusted_third_party_id_servers = [
        "matrix.org"
        "vector.im"
      ];
      disable_federation = false;
      presence = {
        inbound = true;
        outbound = true;
      };

      server_notices = {
        enabled = true;
        local_part = "_server";
        display_part = "Tidingen";
        room_name = "Tidingen";
      };

      metrics = {
        enabled = true;
        basic_auth = {
          username = "metrics";
          password = "metrics";
        };
      };
    };
    client_api = {
      registration_shared_secret = "$REGISTRATION_SECRET";
    };
    federation_api = {
      key_perspectives = [
        {
          server_name = "matrix.org";
          keys = [
            {
              key_id = "ed25519:auto";
              public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
            }
            {
              key_id = "ed25519:a_RXGa";
              public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
            }
          ];
        }
      ];
    };
    sync_api = {
      real_ip_header = "X-Forwarded-For";
    };
    mscs = {
      mscs = [
        "msc2444"
        "msc2753"
        "msc2836"
      ];
    };
    media_api = {
      base_path = "${workingDir}/media_store";

      max_file_size_bytes = 25 * 1024 * 1024;
      thumbnail_sizes = [
        {
          height = 32;
          method = "crop";
          width = 32;
        }
        {
          height = 96;
          method = "crop";
          width = 96;
        }
        {
          height = 480;
          method = "scale";
          width = 640;
        }
      ];
    };

    logging = [
      {
        type = "std";
        level = "info";
      }
    ];
  };
in
{
  systemd.services.dendrite = {
    description = "Dendrite Matrix homeserver";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      DynamicUser = true;
      StateDirectory = "dendrite";
      WorkingDirectory = workingDir;
      RuntimeDirectory = "dendrite";
      RuntimeDirectoryMode = "0700";
      LimitNOFILE = 65535;
      EnvironmentFile = environmentFile;
      LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
      ExecStartPre = [
        ''
          ${pkgs.envsubst}/bin/envsubst \
            -i ${configurationYaml} \
            -o /run/dendrite/dendrite.yaml
        ''
      ];
      ExecStart = lib.strings.concatStringsSep " " ([
        "${pkgs.dendrite}/bin/dendrite"
        "--config /run/dendrite/dendrite.yaml"
        "--http-bind-address :${builtins.toString httpPort}"
      ]);
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      Restart = "on-failure";
    };
  };
}