nixos/hosts/quasar/default.nix

{ self, modulesPath, pkgs, config, secrets, ... }:
{
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    self.nixosModules.common
    self.nixosModules.prompt
    self.nixosModules.server
  ];

  networking = {
    hostName = "quasar";
    domain = "consortium.chat";
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services.postgresql = {
    enable = true;
  };

  services.caddy = {
    enable = true;
    virtualHosts = {
      "${config.networking.domain}".extraConfig = ''
        reverse_proxy localhost:8008
        header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
      '';
      "matrix.${config.networking.domain}".extraConfig = ''
        reverse_proxy /_matrix/* localhost:8008
        reverse_proxy /_synapse/client/* localhost:8008
      '';
      "admin.${config.networking.domain}".extraConfig = ''
        root * ${pkgs.synapse-admin}
        file_server
      '';
    };
  };

  services.matrix-synapse = {
    enable = true;
    settings = {
      server_name = config.networking.domain;
      serve_server_wellknown = true;
      # app_service_config_files = [ ];
      registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
      macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
      form_secret = secrets.synapse."consortium.chat".form-secret;
    };
  };

  services.mautrix-telegram = {
    enable = true;
    settings = {
      homeserver = {
        address = "http://localhost:8008";
        domain = config.networking.domain;
      };
      appservice = {
        id = "telegram";
      };
    };
  };

  promptEmoji = "🌟";

  time.timeZone = "America/Los_Angeles";

  system.stateVersion = "24.05";
}