{
  lib,
  config,
  pkgs,
  ...
}:
let
  inherit (config.machine.synapse.element) domain enable;
  elementConfig = {
    default_server_config = {
      "m.homeserver" = with config.services.matrix-synapse.settings; {
        base_url = public_baseurl;
        inherit server_name;
      };
      "m.identity_server" = {
        base_url = "";
      };
    };
    disable_custom_urls = false;
    disable_guests = true;
    disable_login_language_selector = false;
    disable_3pid_login = false;
    brand = "Element";
    default_country_code = "US";
    show_labs_settings = true;
    features = {
      feature_video_rooms = true;
      feature_group_calls = true;
      feature_element_call_video_rooms = true;
      feature_new_device_manager = true;
      feature_wysiwyg_composer = true;
    };
    default_federate = true;
    room_directory = with config.services.matrix-synapse.settings; {
      servers = [
        server_name
        "matrix.org"
      ];
    };
    setting_defaults = {
      breadcrumbs = true;
      "MessageComposerInput.autoReplaceEmoji" = true;
      sendTypingNotifications = true;
      showTypingNotifications = true;
      showReadReceipts = true;
      showJoinLeaves = false;
      urlPreviewsEnabled = true;
    };
    sso_redirect_options = {
      immediate = false;
      on_welcome_page = true;
    };
  };
in
with lib; mkIf enable {
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;

    root = pkgs.element-web.override (_old: {
      conf = elementConfig;
    });
  };
}