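# Matrix homeserver (continuwuity) behind nginx, with the Cinny web client
# served from the same virtual host.
#
# Layout:
#   * https://<domain>/.well-known/matrix/{server,client}  -> static delegation JSON
#   * https://<subdomain>.<domain>/_matrix                 -> continuwuity on loopback
#   * https://<subdomain>.<domain>/                        -> Cinny, pinned to this homeserver
{
  povSelf,
  name,
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) types;

  # This module's own option subtree, and the parent subtree holding the
  # per-domain website modules (povSelf with this module's name removed).
  cfg = lib.getAttrFromPath povSelf config;
  cfgWebsites = lib.getAttrFromPath (lib.remove name povSelf) config;

  # Public host name that carries both federation and client traffic.
  matrixHost = "${cfg.subdomain}.${cfg.domain}";

  # Delegation documents published on the bare domain.
  matrixServerConfig = {
    "m.server" = "${matrixHost}:443";
  };
  matrixClientConfig = {
    "m.homeserver".base_url = "https://${matrixHost}/";
  };

  # nginx snippet that answers a .well-known request with a fixed JSON body.
  # `default_type` sets the one Content-Type header of the `return` response;
  # `add_header Content-Type` would add a second header next to nginx's default
  # one, leaving clients with two conflicting content types.
  # NOTE(review): any add_header in a location replaces add_header directives
  # inherited from the server block - confirm that headers set there (e.g. HSTS)
  # are not expected on these two paths.
  wellKnownResponse = document: ''
    default_type application/json;
    add_header "Access-Control-Allow-Origin" "*";
    add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS";
    add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization";
    return 200 '${builtins.toJSON document}';
  '';
in
{
  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    subdomain = {
      type = types.str;
      default = "continuwuity";
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # The .well-known locations below are attached to the virtual host of
        # `cfg.domain`, so it is that website module which has to be enabled.
        # The check follows the option instead of a hard-coded domain; a domain
        # without a website module fails the assertion rather than evaluation.
        assertion = cfgWebsites.${cfg.domain}.enable or false;
        message = "The option 'modules.websites.\"${cfg.domain}\"' must be enabled in order to use this module.";
      }
    ];

    dns.zones = {
      ${cfg.domain}.subdomains.${cfg.subdomain}.CNAME = [ "${config.networking.fqdn}." ];
    };

    # Keep the service's state directory across reboots on an impermanent root.
    # NOTE(review): presumably this holds the database and the server signing
    # key - confirm it is covered by backups and not world-readable.
    modules.filesystem.impermanence.system.dirs = [ "/var/lib/private/continuwuity" ];

    services.matrix-continuwuity = {
      enable = true;
      settings.global = {
        # Loopback only: the homeserver is reachable solely through nginx.
        address = [ "::1" ];
        trusted_servers = [
          "matrix.org"
          "tchncs.de"
        ];
        server_name = cfg.domain;
        # Closed registration; the second flag is the explicit opt-in for an
        # open server and stays off.
        allow_registration = false;
        yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false;
      };
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        # Bare domain (== server_name): delegation documents only.
        ${config.services.matrix-continuwuity.settings.global.server_name} = {
          locations = {
            "= /.well-known/matrix/server".extraConfig = wellKnownResponse matrixServerConfig;
            "= /.well-known/matrix/client".extraConfig = wellKnownResponse matrixClientConfig;
          };
        };

        ${matrixHost} = {
          # NOTE(review): reuses the certificate issued for the machine's FQDN;
          # that certificate must list this host name as a SAN - confirm.
          useACMEHost = config.networking.fqdn;
          forceSSL = true;
          kTLS = true;
          locations = {
            "/_matrix" = {
              proxyPass = "http://[::1]:${toString config.services.matrix-continuwuity.settings.global.port}";
              proxyWebsockets = true;
            };
            "/".root = pkgs.cinny.override {
              conf = {
                defaultHomeserver = 0;
                homeserverList = [ cfg.domain ];
                hashRouter.enabled = true;
                # Spelled exactly as Cinny reads it; the previous misspelling
                # was an unknown key, so the restriction never took effect and
                # the login form still accepted arbitrary homeservers.
                allowCustomHomeservers = false;
              };
            };
          };
        };
      };
    };
  };
}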