From 5a79f12e4b02e1284623b2b0709443d599b07258 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sun, 11 May 2025 12:34:54 +0200
Subject: [PATCH] feat(thor): add conduit, matrix server.

---
 modules/servers/thor/conduit.nix |  34 +++++++++++++++++++++++++++++++
 modules/servers/thor/default.nix |   1 +
 modules/servers/thor/secrets.nix |   3 +++
 secrets/conduit.age              | Bin 0 -> 1028 bytes
 secrets/secrets.nix              |   1 +
 5 files changed, 39 insertions(+)
 create mode 100644 modules/servers/thor/conduit.nix
 create mode 100644 secrets/conduit.age

diff --git a/modules/servers/thor/conduit.nix b/modules/servers/thor/conduit.nix
new file mode 100644
index 0000000..466f457
--- /dev/null
+++ b/modules/servers/thor/conduit.nix
@@ -0,0 +1,34 @@
+{config, ...}: {
+  services.matrix-conduit = {
+    enable = true;
+    settings = {
+      global = {
+        server_name = "cronyakatsuki.xyz";
+        database_backend = "rocksdb";
+        allow_registration = true;
+        allow_check_for_updates = true;
+      };
+    };
+  };
+
+  systemd.services.conduit.serviceConfig = {
+    EnvironmentFile = ["${config.age.secrets.conduit.path}"];
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.conduit.loadBalancer.servers = [
+      {
+        url = "http://localhost:6167";
+      }
+    ];
+
+    routers.conduit = {
+      rule = "Host(`matrix.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "conduit";
+      entrypoints = "websecure";
+    };
+  };
+}
diff --git a/modules/servers/thor/default.nix b/modules/servers/thor/default.nix
index 55a635f..6b8e21c 100644
--- a/modules/servers/thor/default.nix
+++ b/modules/servers/thor/default.nix
@@ -4,5 +4,6 @@
     ./forgejo.nix
     ./secrets.nix
     ./plausible.nix
+    ./conduit.nix
   ];
 }
diff --git a/modules/servers/thor/secrets.nix b/modules/servers/thor/secrets.nix
index 9db06d3..fe7bbed 100644
--- a/modules/servers/thor/secrets.nix
+++ b/modules/servers/thor/secrets.nix
@@ -7,6 +7,9 @@
       plausible = {
         file = ../../../secrets/plausible.age;
       };
+      conduit = {
+        file = ../../../secrets/conduit.age;
+      };
     };
   };
 }
diff --git a/secrets/conduit.age b/secrets/conduit.age
new file mode 100644
index 0000000000000000000000000000000000000000..806868aa54c6eb45bdd90bb91470a852af221377
GIT binary patch
literal 1028
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP3NXp@E?2NLcC+*k
zPS+2&bWbaCukfid4fl1f3UUi|D%UqI)GyK3b~Oz&3-vJ#4COM)b=P(_@-z&|HZJiB
zjq-?akMeOeD=MtaanJXP%rP!D3H34z3o#822t~KeOgkg6AW$K|yRs;=&?PA%FwZkA
zBtYNY(Kyn=)6CJ&*gqvA$<r;Z)H^IP-#5TL&w|UVIIP&CB0Dk6&#N#h&CMb#qbkwJ
zOh2a}A}=hcJU=_gHOf2PJjXHA*%95g9DRS6a7P92a;GH22&eRv@)B>yqRj9Bzq~*{
ziwHN1%7C(<ME9y<56_gq#7h5y3{Nh1_W&nv%d9AE!-$Z|jDqkm?{XuLsFbw85(_hJ
z0}m6wzzoX*N3V$VAOm#U%(YFujRO@7%PmZclU*ybib|8KQgd9~+)~Y)wG&M}gZ#2{
zvNKJ}L%a>6%*)KvGt;>O1JbpF)1AXy^-E1MLk&!w%Dvn(^3BZr-Q2wNi#@YF^DI2l
z6EpSGGELBJ^Dj3DaW7YJ%1m=HbSVr^Nl(tUNHh#FaY=G1C~zu{%JvK{HFb>$v&hT!
z_43Lt%roH9E-`QoNHI4~bWF<03U<uT&aVh}^ma>fadq;lG&at6O3E|UH+1!lvdl)e
zE!ox6&(~4GI5RxBv^2o7(!4A?*Ev7Hr98{HTtCRiGCwcCu-LTJ+bu23Jtfn_-zk)<
z$~ZT)u)rkMH!;a1(YG)&Qa{SiD8QmHr8vUbyE4GpCo8$sBsVg`TRR`!wzL%eD4#%u
z{JfyR%nColO!JgHx7;wx$Y7I<kf5^g<OpB)^pG&mvXHRy0Ash1B#&$^gLI#&oH8^2
z3iIUbjDjrfq6puV;v~ZY6Q9C>oFq&4(p<N)Ozm7Z^9)ZeU0q#;3=fx}6mwTc_w>qC
zALokX@@%(2_tFq;Z?ka!l)NAVr(kc_l+r-ULW@u?twY>vF0{S=(|^&TZ_$S}ll)t9
zJMPG8d91xrX3QkIwm8tS-Sky|!`Y`h7$mqBXPMd_=rEXPm$giH7pJQ4{Yg?x{nw-w
zI!YN8*G?3;AlV`)@M0qi`$wIXd3SCJuQog+m2fZIkyrGJ;cu(NqCyw>Gk^HE71_&w
zTF{)j``(u1^JV-3`yYH>mY(tDfQOsxn#recyzOcedATsDj<IYKOV2Jf0UxfVA3|7v
aO_QA4mAz)_`6%gCZQ>jfUF(?)wg3SBE?t}e

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 55eff04..b0a85c9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,4 +22,5 @@ in {
   "navidrome.age".publicKeys = systems ++ users;
   "forgejo-db.age".publicKeys = systems ++ users;
   "plausible.age".publicKeys = systems ++ users;
+  "conduit.age".publicKeys = systems ++ users;
 }