(define-module (tw services matrix)
  #:use-module (gnu services)
  #:use-module (gnu services certbot)
  #:use-module (gnu services web)
  #:use-module (tw services))

(define-public %matrix-services
  (list (simple-service 'synapse-certificates certbot-service-type
          (list (certificate-configuration
                 (domains '("matrix.twilken.net"))
                 (deploy-hook %httpd-cert-deploy-hook))))

        (simple-service 'synapse-https-proxy httpd-service-type
          ;; Synapse can't access certbot certs, but Apache/httpd
          ;; can, so proxy HTTPS access through. It's good to have
          ;; Synapse available on port 443 anyway.
          (list (httpd-virtualhost "*:443" (list "\
# Redirect to Synapse, to avoid having to specify its port number in Matrix clients.
ServerName matrix.twilken.net
SSLEngine on
SSLCertificateFile \"/etc/letsencrypt/live/matrix.twilken.net/fullchain.pem\"
SSLCertificateKeyFile \"/etc/letsencrypt/live/matrix.twilken.net/privkey.pem\"
ProxyPass \"/\" \"https://127.0.0.1:48448/\"
"))))

        ;; TODO: Postgres for Synapse
        ;; (service postgresql-service-type
        ;;   (postgresql-configuration
        ;;    (postgresql postgresql-15)
        ;;    (data-directory "/var/lib/postgresql/data")))

        ;; (service postgresql-role-service-type
        ;;   (postgresql-role-configuration
        ;;    (roles (list (postgresql-role
        ;;                  (name "synapse")  ; TODO
        ;;                  (create-database? #t))))))

        ;; TODO: Matrix/Synapse
        ;; TODO: Matrix bridges
        ))