{ nglib, nixpkgs }:
nglib.makeSystem {
  system = "x86_64-linux";
  name = "synapse";
  inherit nixpkgs;
  config = ({ pkgs, ... }:
    {
      dumb-init = {
        enable = true;
        type.services = { };
      };

      init.services.synapse = {
        enabled = true;
        shutdownOnExit = true;
        script =
          let
            logConfig = (pkgs.formats.yaml {}).generate "log.yaml"
              {
                # Log configuration for Synapse.
                #
                # This is a YAML file containing a standard Python logging configuration
                # dictionary. See [1] for details on the valid settings.
                #
                # Synapse also supports structured logging for machine readable logs which can
                # be ingested by ELK stacks. See [2] for details.
                #
                # [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
                # [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html

                version = 1;

                formatters.precise.format = "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
                handlers.console =
                  {
                    class = "logging.StreamHandler";
                    formatter = "precise";
                  };
                loggers."synapse.storage.SQL" =
                  {
                    level = "INFO";
                  };
                root =
                  {
                    level = "INFO";
                    handlers = [ "console" ];
                  };

                disable_existing_loggers = false;
              };
            synapseConfig = (pkgs.formats.yaml {}).generate "conduit.yaml"
              {
                server_name = "matrix.redalder.org";
                report_stats = "yes";
                pid_file = "/homeserver.pid";

                enable_registration = false;
                enable_registration_without_verification = false;

                listeners =
                  [
                    {
                      port = 6167;
                      tls = false;
                      type = "http";
                      x_forwarded = true;
                      bind_adrresses = [ "127.0.0.1" ];
                      resources =
                        [
                          {
                            names = [ "client" "federation" ];
                            compress = false;
                          }
                        ];
                    }
                  ];
                database =
                  {
                    name = "sqlite3";
                    compress = false;
                    args.database = "/var/lib/synapse/sqlite.db";
                  };
                log_config = logConfig;
                trusted_key_servers =
                  [
                    {
                      server_name = "matrix.org";
                    }
                  ];
                media_store_path = "/var/lib/synapse/media_store";
                signing_key_path = "/var/lib/synapse/signing.key";
              };
          in
            pkgs.writeShellScript "conduit"
              ''
                [ -e /var/lib/synapse/signing.key ] || \
                  ${pkgs.matrix-synapse}/bin/synapse_homeserver \
                    --config-path ${synapseConfig} \
                    --config-path /secrets/extra.yaml \
                    --config-path /var/lib/registrations/extra.yaml \
                    --keys-directory /var/lib/synapse/keys \
                    --generate-keys
                ${pkgs.matrix-synapse}/bin/synapse_homeserver \
                  --config-path ${synapseConfig} \
                  --config-path /secrets/extra.yaml \
                  --config-path /var/lib/registrations/extra.yaml \
                  --keys-directory /var/lib/synapse/keys
              '';
      };
    });
}