{ config, lib, pkgs, ... }:
let
  synapseCfg = config.services.matrix-synapse.settings;

  cfg = rec {
    homeserver = {
      address = synapseCfg.public_baseurl;
      domain = synapseCfg.server_name;
    };
    appservice = rec {
      hostname = "127.0.0.1";
      port = 29328;
      address = "http://${hostname}:${toString port}";
      provisioning.shared_secret = "disable";
      database = "postgres:///mautrix-signal";
    };
    signal = {
      enable_disappearing_messages_in_groups = true;
    };
    bridge = {
      contact_list_names = "prefer";
      encryption = {
        allow = true;
        default = true;
      };
      delivery_receipts = true;
      provisioning.enabled = false;
      permissions = {
        # Only one user since using the name from the address book does not
        # work with multiple users
        "@simon:${homeserver.domain}" = "admin";
      };
      location_format = "https://www.openstreetmap.org/?mlat={lat}&mlon={long}";
    };
    logging = {
      version = 1;
      formatters = {
        colored = {
          "()" = "mautrix_signal.util.ColorFormatter";
          format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";
        };
        normal.format = "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s";
      };
      handlers = {
        console = {
          class = "logging.StreamHandler";
          formatter = "colored";
        };
      };
      loggers = {
        mau.level = "INFO";
        aiohttp.level = "INFO";
      };
      root = {
        level = "INFO";
        handlers = [ "console" ];
      };
    };
  };

  generatedConfig = pkgs.runCommandNoCC "mautrix-signal-config" { } ''
    mkdir $out
    cat ${pkgs.writeText "mautrix-signal.yaml" (lib.generators.toYAML { } cfg)} > $out/config.yaml
    ${pkgs.mautrix-signal}/bin/mautrix-signal -c $out/config.yaml -g -r $out/registration.yaml
  '';
in
{
  services.signald = {
    enable = true;
    group = "signald";
  };

  systemd.services.signald.serviceConfig.ExecStart = lib.mkForce "${pkgs.signald}/bin/signald -d /var/lib/signald -s ${config.services.signald.socketPath}";

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mautrix-signal" ];
    ensureUsers = lib.singleton {
      name = "mautrix-signal";
      ensurePermissions = { "DATABASE \"mautrix-signal\"" = "ALL PRIVILEGES"; };
    };
  };

  systemd.services.mautrix-signal = {
    after = [ "network.target" "matrix-synapse.service" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      DynamicUser = true;
      PrivateTmp = true;
      SupplementaryGroups = [ "signald" ];
      StateDirectory = "mautrix-signal";
      WorkingDirectory = "/var/lib/mautrix-signal";
      ExecStart = "${pkgs.mautrix-signal}/bin/mautrix-signal -c ${generatedConfig}/config.yaml";
      Restart = "on-failure";
    };

    unitConfig = {
      JoinsNamespaceOf = "signald.service";
    };
  };

  services.matrix-synapse.settings.app_service_config_files = lib.singleton "${generatedConfig}/registration.yaml";
}