feat: use tuwunel insteas of conduit.

2026-02-10 21:10:25 +01:00 · 2026-02-10 21:10:25 +01:00 · 5cd910ecaf
commit 5cd910ecaf
parent 377e610395
2 changed files with 31 additions and 11 deletions
--- a/modules/servers/per-server/thor/secrets.nix
+++ b/modules/servers/per-server/thor/secrets.nix
@ -10,6 +10,11 @@
      conduit = {
        file = "${inputs.secrets}/secrets/conduit.age";
      };
+      tuwunel = {
+        file = "${inputs.secrets}/secrets/tuwunel.age";
+        owner = "tuwunel";
+        group = "tuwunel";
+      };
      lemmy-env = {
        file = "${inputs.secrets}/secrets/lemmy.env.age";
      };
--- a/modules/servers/per-server/thor/services/conduit.nix
+++ b/modules/servers/per-server/thor/services/conduit.nix
@ -1,17 +1,32 @@
 {config, ...}: {
-  services.matrix-conduit = {
+  services.matrix-tuwunel = {
    enable = true;
-    settings = {
-      global = {
-        server_name = "cronyakatsuki.xyz";
-        database_backend = "rocksdb";
-        allow_registration = true;
-        allow_check_for_updates = true;
-      };
+    settings.global = {
+      server_name = "cronyakatsuki.xyz";
+      allow_registration = true;
+      registration_token_file = config.age.secrets.tuwunel.path;
    };
  };

-  # systemd.services.conduit.serviceConfig = {
-  #   EnvironmentFile = ["${config.age.secrets.conduit.path}"];
-  # };
+  services.traefik.dynamicConfigOptions.http = {
+    services.tuwunel.loadBalancer.servers = [
+      {
+        url = "http://localhost:6167";
+      }
+    ];
+
+    routers.tuwunel = {
+      rule = "Host(`matrix.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "tuwunel";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/matrix-tuwunel"];
+    server.paths = ["/var/lib/matrix-tuwunel"];
+  };
 }