{ pkgs, config, ... }: {
  age.secrets.matrix_admin_api_token = {
    rekeyFile = ./secrets/matrix_admin_api_token.age;
    owner = "matrix-synapse";
    group = "matrix-synapse";
    mode = "0400";
  };

  systemd.services."synapse-revitalization" =
  let pkg = "${pkgs.synapse-revitalization}/bin/synapse-revitalization";
    script = pkgs.writeShellScript "synapse-revitalization-script" ''
      journalctl -f -u matrix-synapse -o cat |
      while read -r line; do
        echo "$line" | grep "as we're not in the room" && ${pkg} "$line" &
        echo "$line" | grep "Ignoring PDU for unknown room_id" && ${pkg} "$line" &
      done
    '';
  in {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      # User = "matrix-synapse";
      # Group = "matrix-synapse";
      User = "root";
      Group = "root";
      ExecStart = script;
      Restart = "always";
    };
    environment = {
      "SYNAPSE_REVITALIZATION_ADMIN_AUTH_TOKEN_FILE" = config.age.secrets.matrix_admin_api_token.path;
      "SYNAPSE_REVITALIZATION_SERVER_KEY_FILE" = "/var/lib/matrix-synapse/homeserver.signing.key";
      "SYNAPSE_REVITALIZATION_SERVER_NAME" = "nothing.run";
      "SYNAPSE_REVITALIZATION_SERVER_ADDRESS" = "matrix.nothing.run";
    };
  };
}