diff --git a/modules/servers/thor/conduit.nix b/modules/servers/thor/conduit.nix new file mode 100644 index 0000000..466f457 --- /dev/null +++ b/modules/servers/thor/conduit.nix @@ -0,0 +1,34 @@ +{config, ...}: { + services.matrix-conduit = { + enable = true; + settings = { + global = { + server_name = "cronyakatsuki.xyz"; + database_backend = "rocksdb"; + allow_registration = true; + allow_check_for_updates = true; + }; + }; + }; + + systemd.services.conduit.serviceConfig = { + EnvironmentFile = ["${config.age.secrets.conduit.path}"]; + }; + + services.traefik.dynamicConfigOptions.http = { + services.conduit.loadBalancer.servers = [ + { + url = "http://localhost:6167"; + } + ]; + + routers.conduit = { + rule = "Host(`matrix.cronyakatsuki.xyz`)"; + tls = { + certResolver = "porkbun"; + }; + service = "conduit"; + entrypoints = "websecure"; + }; + }; +} diff --git a/modules/servers/thor/default.nix b/modules/servers/thor/default.nix index 55a635f..6b8e21c 100644 --- a/modules/servers/thor/default.nix +++ b/modules/servers/thor/default.nix @@ -4,5 +4,6 @@ ./forgejo.nix ./secrets.nix ./plausible.nix + ./conduit.nix ]; } diff --git a/modules/servers/thor/secrets.nix b/modules/servers/thor/secrets.nix index 9db06d3..fe7bbed 100644 --- a/modules/servers/thor/secrets.nix +++ b/modules/servers/thor/secrets.nix @@ -7,6 +7,9 @@ plausible = { file = ../../../secrets/plausible.age; }; + conduit = { + file = ../../../secrets/conduit.age; + }; }; }; } diff --git a/secrets/conduit.age b/secrets/conduit.age new file mode 100644 index 0000000..806868a Binary files /dev/null and b/secrets/conduit.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 55eff04..b0a85c9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -22,4 +22,5 @@ in { "navidrome.age".publicKeys = systems ++ users; "forgejo-db.age".publicKeys = systems ++ users; "plausible.age".publicKeys = systems ++ users; + "conduit.age".publicKeys = systems ++ users; }