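# Continuwuity (Matrix homeserver) module: runs the homeserver bound to IPv6
# loopback and publishes it through an nginx TLS virtual host at
# "<subdomain>.<domain>". Also creates the matching DNS CNAME and persists the
# state directory.
{
  hostConfig,
  povSelf,
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) types;

  # This module's own option values, looked up at the attribute path the
  # caller passes in as `povSelf`.
  cfg = lib.getAttrFromPath povSelf config;

  # Public host name; used as the Matrix server_name, the delegation target
  # and the nginx virtual host.
  publicName = "${cfg.subdomain}.${cfg.domain}";
in
{
  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    subdomain = {
      type = types.str;
      default = "continuwuity-migration";
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
  };

  config = lib.mkIf cfg.enable {
    # Point the public name at this host (trailing dot = absolute DNS name).
    dns.zones = {
      "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
    };

    # Keep the homeserver state across reboots. The directory holds the
    # database and the server signing key, so it is owner-only (0700).
    modules.filesystem.impermanence.system.dirs = [
      {
        directory = "/var/lib/continuwuity";
        mode = "0700";
        user = "continuwuity";
        group = "continuwuity";
      }
    ];

    services.matrix-continuwuity = {
      enable = true;
      settings = {
        global = {
          # Loopback only: the homeserver is never exposed directly, all
          # external traffic has to come in through the nginx vhost below.
          address = [ "::1" ];
          # Servers this homeserver trusts to vouch for other servers'
          # signing keys; keep this list short and deliberate.
          trusted_servers = [
            "matrix.org"
            "tchncs.de"
          ];
          server_name = publicName;
          # Registration stays closed, and the explicit open-registration
          # confirmation flag is kept off as well.
          allow_registration = false;
          yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false;
          # Delegate federation to port 443 so it terminates at nginx too.
          well_known.server = "${publicName}:443";
        };
      };
    };

    services.nginx = {
      enable = true;
      virtualHosts."${publicName}" = {
        enableACME = true;
        forceSSL = true;
        kTLS = true;
        # No URI part (not even a trailing "/") after the port: with one,
        # nginx forwards its normalised, percent-decoded path instead of the
        # original request URI, which alters Matrix paths that carry encoded
        # identifiers and can break federation request signature checks.
        # NOTE(review): if `port` is a list in this module, toString joins its
        # entries with spaces; confirm that exactly one port is configured.
        # NOTE(review): confirm nginx's client body size limit matches the
        # homeserver's max_request_size, otherwise media uploads are cut off
        # at the proxy.
        locations."/".proxyPass =
          "http://[::1]:${toString config.services.matrix-continuwuity.settings.global.port}";
      };
    };
  };
}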