diff --git a/configuration.nix b/configuration.nix
index adb7367..4e851ed 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -122,6 +122,17 @@ with pkgs;
 owner = "coolneng";
 group = "users";
 };
+ # HACK The owner and group is set by systemd due to the use of DynamicUser
+ secrets.dendrite = {
+ file = secrets/dendrite.age;
+ owner = "63026";
+ group = "63026";
+ };
+ secrets.dendrite-postgres = {
+ file = secrets/dendrite-postgres.age;
+ owner = "63026";
+ group = "63026";
+ };
 identityPaths = [ "/home/coolneng/.ssh/id_ed25519" ];
 };
diff --git a/flake.lock b/flake.lock
index 13888da..d9ce810 100644
--- a/flake.lock
+++ b/flake.lock
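Review bot: The `owner = "63026"` / `group = "63026"` on both new `age.secrets` entries pins the secrets to a UID that systemd allocates at runtime for `DynamicUser=` (hashed from the unit name, with fallback on collision), so it is not guaranteed to stay the same across rebuilds — and if a different DynamicUser unit ever receives 63026, it can read the dendrite signing key. The commit already wires the key through the dendrite module's `loadCredential`, so the robust shape is to leave both secrets root-owned with agenix's default mode 0400 and let systemd's LoadCredential hand the service a copy it can read; the connection string in `environmentFile` is, as far as I know, read by systemd before privileges are dropped and needs no chown either. That reduces the HACK block to `secrets.dendrite.file = secrets/dendrite.age;` and `secrets.dendrite-postgres.file = secrets/dendrite-postgres.age;`, with the dendrite `private_key` setting pointed at the credentials directory instead of the agenix path. The enclosing `age` attribute set starts before this hunk.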
@@ -20,6 +20,75 @@ "type": "github" } }, + "devshell": { + "locked": { + "lastModified": 1642188268, + "narHash": "sha256-DNz4xScpXIn7rSDohdayBpPR9H9OWCMDOgTYegX081k=", + "owner": "numtide", + "repo": "devshell", + "rev": "696acc29668b644df1740b69e1601119bf6da83b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1641205782, + "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "nix-matrix-appservices": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1650783069, + "narHash": "sha256-mcjuOAXVC9zZ6f5Uh67uEpiZzaTMFP6ZvW8pqanesLM=", + "owner": "coffeetables", + "repo": "nix-matrix-appservices", + "rev": "5483c1b3f73c81a4533a1d7a8cc80486ca9b5c14", + "type": "gitlab" + }, + "original": { + "owner": "coffeetables", + "repo": "nix-matrix-appservices", + "type": "gitlab" + } + }, + "nixlib": { + "locked": { + "lastModified": 1643502816, + "narHash": "sha256-Wrbt6Gs+hjXD3HUICPBJHKnHEUqiyx8rzHCgvqC1Bok=", + "owner": "divnix", + "repo": "nixpkgs.lib", + "rev": "ebed7ec5bcb5d01e298535989c6c321df18b631a", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1656933710, @@ -53,6 +122,7 @@ "root": { "inputs": { "agenix": "agenix", + "nix-matrix-appservices": "nix-matrix-appservices", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs" } diff --git a/flake.nix b/flake.nix index c287f3f..0818faa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,10 +7,18 @@
 url = "github:ryantm/agenix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
- nixos-hardware.url = "github:NixOS/nixos-hardware";
+ nixos-hardware = {
+ url = "github:NixOS/nixos-hardware";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nix-matrix-appservices = {
+ url = "gitlab:coffeetables/nix-matrix-appservices";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
- outputs = { self, nixpkgs, agenix, nixos-hardware, ... }@inputs:
+ outputs = { self, nixpkgs, agenix, nixos-hardware, nix-matrix-appservices, ...
+ }@inputs:
 let
 system = "aarch64-linux";
@@ -25,6 +33,7 @@
 (import ./configuration.nix)
 agenix.nixosModules.age
 nixos-hardware.nixosModules.raspberry-pi-4
+ nix-matrix-appservices.nixosModule
 ];
 specialArgs = { inherit inputs; };
 };
diff --git a/modules/communication.nix b/modules/communication.nix
index e4cb5ab..8cba451 100644
--- a/modules/communication.nix
+++ b/modules/communication.nix
@@ -1,41 +1,79 @@
 { config, lib, pkgs, ... }:
-{
+with pkgs;
+
+# NOTE Reference the environment variable set in the corresponding agenix secret
+let database.connection_string = "$DB_STRING";
+
+in {
 # Matrix server configuration
- services.matrix-synapse = {
+ services.dendrite = {
 enable = true;
+ httpPort = 8008;
+ environmentFile = config.age.secrets.dendrite-postgres.path;
+ loadCredential = [ "private_key:${config.age.secrets.dendrite.path}" ];
 settings = {
- server_name = "coolneng.duckdns.org";
- public_baseurl = "https://matrix.coolneng.duckdns.org";
- listeners = [{
- port = 8008;
- tls = false;
- resources = [{
- compress = true;
- names = [ "client" ];
- }];
- bind_addresses = [ "127.0.0.1" ];
- }];
- app_service_config_files =
- [ "/var/lib/matrix-synapse/telegram-registration.yaml" ];
+ global = {
+ server_name = "coolneng.duckdns.org";
+ private_key = config.age.secrets.dendrite.path;
+ inherit database;
+ };
+ # HACK Inherit postgres connection string for the rest of the DBs
+ app_service_api = { inherit database; };
+ media_api = { inherit database; };
+ room_server = { inherit database; };
+ push_server = { inherit database; };
+ mscs = {
+ inherit database;
+ mscs = [ "msc2836" "msc2946" ];
+ };
+ sync_api = { inherit database; };
+ key_server = { inherit database; };
+ federation_api = { inherit database; };
+ user_api = {
+ account_database = database;
+ device_database = database;
+ };
 };
 };
- # Telegram bridge for Matrix
- services.mautrix-telegram = {
- enable = true;
- environmentFile = /var/lib/mautrix-telegram/telegram.env;
- settings = {
- homeserver = {
- address = "https://matrix.coolneng.duckdns.org";
- domain = "coolneng.duckdns.org";
- };
- appservice = {
- address = "http://localhost:8118";
+ # Matrix bridges
+ services.matrix-appservices = {
+ homeserver = "dendrite";
+ addRegistrationFiles = true;
+ services = {
+ telegram = {
 port = 8118;
+ format = "mautrix-python";
+ package = mautrix-telegram;
+ };
+ facebook = {
+ port = 8228;
+ format = "mautrix-python";
+ package = mautrix-facebook;
+ };
+ signal = {
+ port = 8338;
+ format = "mautrix-python";
+ package = mautrix-signal;
+ serviceConfig = {
+ StateDirectory = [ "matrix-as-signal" "signald" ];
+ JoinNamespaceOf = "signald.service";
+ SupplementaryGroups = [ "signald" ];
+ };
+ settings.signal = {
+ socket_path = config.services.signald.socketPath;
+ outgoing_attachment_dir = "/var/lib/signald/tmp";
+ };
 };
- bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
 };
- serviceDependencies = [ "matrix-synapse.service" ];
 };
+
+ # Additional settings for mautrix-signal
+ services.signald.enable = true;
+ systemd.services.matrix-as-signal = {
+ requires = [ "signald.service" ];
+ after = [ "signald.service" ];
+ };
+
 }
diff --git a/modules/webstack.nix b/modules/webstack.nix
index dbc847a..31c4a98 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -45,6 +45,7 @@
 "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
 "/miniflux/".extraConfig =
 "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
+ "/.well-known/".alias = "${../well-known}" + "/";
 };
 };
 "radicale.coolneng.duckdns.org" = {
@@ -88,7 +89,13 @@
 ssl = true;
 }
 ];
- locations."/".proxyPass = "http://localhost:8008/";
+ locations."~ ^(/_matrix|/_synapse/client)" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ };
 };
 "element.coolneng.duckdns.org" = {
 enableACME = true;
@@ -177,7 +184,7 @@
 "syncthing.service"
 "miniflux.service"
 "radicale.service"
- "matrix-synapse.service"
+ "dendrite.service"
 "phpfpm-wallabag.service"
 ];
 }
diff --git a/scripts/motd.sh b/scripts/motd.sh
index 7943d5e..87bba98 100755
--- a/scripts/motd.sh
+++ b/scripts/motd.sh
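Review bot: The removed synapse `bind_addresses = [ "127.0.0.1" ]` has no counterpart in the new `services.dendrite` block — `httpPort = 8008` is, as far as I can tell from the nixpkgs module, passed as `--http-bind-address :8008`, which listens on every interface, so the homeserver becomes reachable directly on 8008 (bypassing the nginx TLS and forwarded-header layer) unless `networking.firewall` blocks it; confirm the bind and close the port if it is open. Separately, `private_key = config.age.secrets.dendrite.path` still reads the agenix file directly even though the same key is passed via `loadCredential`, which is what forces the UID hack on the secret; the module's envsubst pass (the mechanism that resolves `"$DB_STRING"`) lets this be `private_key = "$CREDENTIALS_DIRECTORY/private_key";` instead. Finally, the old `bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin"` is dropped and none of the telegram/facebook/signal entries set permissions — unless nix-matrix-appservices injects a default, either nobody can use the bridges or the package defaults apply, so state the intended `bridge.permissions` per bridge explicitly. The hunk spans the whole module.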
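Review bot: The `/_synapse/client` alternative in the new location regex is a synapse-only path that dendrite never serves, so it is dead after this commit and the pattern can shrink to `locations."~ ^/_matrix" = {`. The proxied block also inherits nginx's default `client_max_body_size` of 1m, so media uploads through `/_matrix/media` larger than that are rejected with 413 before reaching dendrite; add `client_max_body_size 50M;` (or whatever `media_api.max_file_size_bytes` is set to) to `extraConfig`. Passing `$remote_addr` rather than `$proxy_add_x_forwarded_for` as `X-Forwarded-For` is the right choice here, since it does not trust a client-supplied header. The enclosing vhost definition starts before the hunk.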
@@ -25,7 +25,7 @@ services=(
 "miniflux.service"
 "phpfpm-wallabag.service"
 "gitea.service"
- "matrix-synapse.service"
+ "dendrite.service"
 "mautrix-telegram.service"
 "nginx.service"
 "dnsmasq.service"
diff --git a/secrets/dendrite-postgres.age b/secrets/dendrite-postgres.age
new file mode 100644
index 0000000..3d9cc0b
Binary files /dev/null and b/secrets/dendrite-postgres.age differ
diff --git a/secrets/dendrite.age b/secrets/dendrite.age
new file mode 100644
index 0000000..697a05a
Binary files /dev/null and b/secrets/dendrite.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4ff0776..1fc745d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,4 +9,6 @@ in {
 "ddclient.age".publicKeys = [ zion ];
 "miniflux.age".publicKeys = [ zion ];
 "git.age".publicKeys = [ zion ];
+ "dendrite.age".publicKeys = [ zion ];
+ "dendrite-postgres.age".publicKeys = [ zion ];
 }
diff --git a/well-known/matrix/server b/well-known/matrix/server
new file mode 100644
index 0000000..e3f2a32
--- /dev/null
+++ b/well-known/matrix/server
@@ -0,0 +1 @@
+{ "m.server": "matrix.coolneng.duckdns.org:443" }
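Review bot: `"mautrix-telegram.service"` in the `services` array is now stale — this commit removes `services.mautrix-telegram` in favour of `services.matrix-appservices`, whose units are presumably named `matrix-as-<bridge>` (the commit itself overrides `systemd.services.matrix-as-signal`), so the MOTD will keep reporting the telegram bridge as absent. Replace the entry with `"matrix-as-telegram.service"` and, since they are new units, add `"matrix-as-facebook.service"` and `"matrix-as-signal.service"` next to it; `"signald.service"` is worth listing for the same reason. The `services=(` array opens at the hunk header and closes outside the hunk.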