{ config, ... }:
{
  services.nginx.virtualHosts."matrix.${config.secrets.jimDomain}" = {
    enableACME = true;
    forceSSL = true;
    locations = {
      "/".extraConfig = ''return 403;'';
      "/client".proxyPass = "http://127.0.0.1:8009";
      "/_matrix".proxyPass = "http://127.0.0.1:8008";
      "/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
      "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
    };
  };
}