diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index c44a291..cef1f6a 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -16,6 +16,7 @@
     ./programs/jellyfin.nix
     ./programs/mysql.nix
     ./programs/photoprism.nix
+    ./programs/synapse.nix
   ];
   # Enable flakes
diff --git a/nixos/programs/nginx.nix b/nixos/programs/nginx.nix
index 592b799..439d3d3 100644
--- a/nixos/programs/nginx.nix
+++ b/nixos/programs/nginx.nix
@@ -1,5 +1,14 @@
 { config, ... }:
-{
+let
+  # Required stuff for synapse
+  clientConfig."m.homeserver".base_url = "https://matrix.comfycamp.space";
+  serverConfig."m.server" = "matrix.comfycamp.space:443";
+  mkWellKnown = data: ''
+    add_header Content-Type application/json;
+    add_header Access-Control-Allow-Origin *;
+    return 200 '${builtins.toJSON data}';
+  '';
+in {
   services.nginx = {
     enable = true;
     recommendedTlsSettings = true;
@@ -17,6 +26,20 @@
     '';
     virtualHosts = {
+      "comfycamp.space" = {
+        useACMEHost = "comfycamp.space";
+        forceSSL = true;
+        # This section is not needed if the server_name of matrix-synapse is equal to
+        # the domain (i.e. example.org from @foo:example.org) and the federation port
+        # is 8448.
+        # Further reference can be found in the docs about delegation under
+        # https://matrix-org.github.io/synapse/latest/delegate.html
+        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+        # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
+        # Further reference can be found in the upstream docs at
+        # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
+        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+      };
       "nc.comfycamp.space" = {
         useACMEHost = "comfycamp.space";
         forceSSL = true;
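Review bot: The `mkWellKnown` helper emits `add_header` inside a location, and nginx's header inheritance is all-or-nothing per level: any `add_header` in a location drops every `add_header` inherited from the server or http block, so if the `extraConfig` whose closing `'';` opens the next hunk sets security headers that way, the two `.well-known` responses will not carry them. That is acceptable for static JSON documents but should be stated; `# Required stuff for synapse` is too vague and could read `# Bodies for /.well-known/matrix/{client,server}; note that add_header here replaces, not extends, inherited headers`. The `${builtins.toJSON data}` value is also interpolated into an nginx single-quoted string, which is fine for these literal values but would break silently if a future value contained a single quote.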
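Review bot: The `/.well-known/matrix/server` delegation here is served for `comfycamp.space`, but synapse.nix in this same commit sets `server_name = "matrix.comfycamp.space"`, so the two do not line up: a federating peer resolves the well-known for the `server_name` host, i.e. `matrix.comfycamp.space/.well-known/matrix/server`, which the vhost in the next hunk answers with 404, and then falls back to port 8448 on that host, which nothing in this commit exposes (the Synapse listener binds only 127.0.0.1:8008). If user IDs are meant to be `@user:comfycamp.space`, `server_name` should be `comfycamp.space` and this delegation is exactly what is needed; if `matrix.comfycamp.space` is intended, the `m.server` entry is unused and that host needs to serve federation itself. Synapse's `server_name` is persisted in the database and cannot be changed after first start, so this is worth settling before the service is enabled. A comment such as `# Only effective when server_name in synapse.nix is comfycamp.space` above the `m.server` location would make the cross-file dependency visible.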
@@ -30,6 +53,20 @@
           };
         };
       };
+      "matrix.comfycamp.space" = {
+        useACMEHost = "comfycamp.space";
+        forceSSL = true;
+        locations = {
+          "/".extraConfig = ''
+            return 404;
+          '';
+          # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+          # *must not* be used here.
+          "/_matrix".proxyPass = "http://127.0.0.1:8008";
+          # Forward requests for e.g. SSO and password-resets.
+          "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
+        };
+      };
       "pp.comfycamp.space" = {
         useACMEHost = "comfycamp.space";
         forceSSL = true;
diff --git a/nixos/programs/synapse.nix b/nixos/programs/synapse.nix
new file mode 100644
index 0000000..121fa05
--- /dev/null
+++ b/nixos/programs/synapse.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+{
+  services.matrix-synapse = {
+    enable = true;
+    settings = {
+      server_name = "matrix.comfycamp.space";
+      public_baseurl = "https://matrix.comfycamp.space";
+      database = {
+        name = "psycopg2";
+        args = {
+          user = "matrix-synapse";
+          database = "matrix-synapse";
+        };
+      };
+      report_stats = true;
+      listeners = [{
+        bind_addresses = [ "127.0.0.1" ];
+        port = 8008;
+        type = "http";
+        tls = false;
+        x_forwarded = true;
+        resources = [{
+          names = [ "client" "federation" ];
+          compress = false;
+        }];
+      }];
+      signing_key_path = "/var/lib/matrix-synapse/matrix.comfycamp.space.signing.key";
+    };
+    extraConfigFiles = [
+      "/var/lib/secrets/matrix-synapse/config.yml"
+    ];
+  };
+}
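Review bot: The two `proxyPass` locations forward to a Synapse listener that synapse.nix configures with `x_forwarded = true`, which makes Synapse take the client address and scheme from `X-Forwarded-For` and `X-Forwarded-Proto`, yet nothing in this hunk sets those headers. Unless `recommendedProxySettings = true` is enabled in the part of this file outside the hunk, every client will be logged and rate-limited as 127.0.0.1 and requests may be treated as plain http; either confirm that option is on or add to both locations `extraConfig = "proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme;";`. Trusting those headers is only safe because the listener binds loopback alone, which is worth a comment on the `/_matrix` location. Also check the effective `client_max_body_size` on this vhost: nginx's default of 1m is far below Synapse's default `max_upload_size` of 50M, so media uploads will fail with 413 unless something outside the hunk raises it.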
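Review bot: `extraConfigFiles` points at `/var/lib/secrets/matrix-synapse/config.yml` with no comment saying what that file must contain or how it is provisioned, and since it lives outside the Nix store it is the one part of this deployment a rebuild cannot reproduce. A comment such as `# Out-of-store secrets (e.g. registration_shared_secret, macaroon_secret_key); provisioned by hand, must be readable only by the matrix-synapse user` would document that contract; keeping secrets out of the store is the right choice because store paths are world-readable. Separately, `report_stats = true` opts into sending anonymised usage statistics to the Synapse maintainers, and a one-line comment stating that this is deliberate would stop it being flipped by accident.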