{
  makeSystem,
  nixpkgs,
  commonConfig,
}:
makeSystem {
  system = "x86_64-linux";
  name = "synapse";
  inherit nixpkgs;
  config = {
    pkgs,
    lib,
    ...
  }: let
    inherit
      (lib)
      singleton
      makeSearchPathOutput
      ;
  in {
    dumb-init = {
      enable = true;
      type.services = {};
    };

    environment.systemPackages = [pkgs.openssh];

    services.synapse = {
      enable = true;
      package = import ./synapse-package.nix pkgs;
      settings = {
        listeners = [
          # The HTTP replication port
          {
            port = 9093;
            bind_addresses = ["0.0.0.0"];
            type = "http";
            resources = [
              {
                names = ["replication"];
              }
            ];
          }
          {
            port = 6167;
            tls = false;
            type = "http";
            x_forwarded = true;
            bind_adrresses = ["0.0.0.0"];
            resources = singleton {
              names = ["client" "federation"];
              compress = false;
            };
          }
          # {
          #    port = 9000;
          #    bind_addresses = [ "127.0.0.1" ];
          #    type = "manhole";
          # }
        ];

        public_baseurl = "https://matrix.redalder.org/";

        # Add a random shared secret to authenticate traffic.
        worker_replication_secret = "";
      };
      arguments = {
        "config-path" = [
          (commonConfig pkgs)
          "/secrets/extra.yaml"
          "/var/lib/registrations/extra.yaml"
        ];
        "keys-directory" = "/var/lib/synapse/keys";
      };
    };
  };
}