From 5cd910ecaf65b0bb9d4eb80a951724886c87d160 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Tue, 10 Feb 2026 21:10:25 +0100
Subject: [PATCH] feat: use tuwunel insteas of conduit.

---
 modules/servers/per-server/thor/secrets.nix   |  5 +++
 .../per-server/thor/services/conduit.nix      | 37 +++++++++++++------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/modules/servers/per-server/thor/secrets.nix b/modules/servers/per-server/thor/secrets.nix
index abf6427..0c2833e 100644
--- a/modules/servers/per-server/thor/secrets.nix
+++ b/modules/servers/per-server/thor/secrets.nix
@@ -10,6 +10,11 @@
       conduit = {
         file = "${inputs.secrets}/secrets/conduit.age";
       };
+      tuwunel = {
+        file = "${inputs.secrets}/secrets/tuwunel.age";
+        owner = "tuwunel";
+        group = "tuwunel";
+      };
       lemmy-env = {
         file = "${inputs.secrets}/secrets/lemmy.env.age";
       };
diff --git a/modules/servers/per-server/thor/services/conduit.nix b/modules/servers/per-server/thor/services/conduit.nix
index 675444c..d23a0c3 100644
--- a/modules/servers/per-server/thor/services/conduit.nix
+++ b/modules/servers/per-server/thor/services/conduit.nix
@@ -1,17 +1,32 @@
 {config, ...}: {
-  services.matrix-conduit = {
+  services.matrix-tuwunel = {
     enable = true;
-    settings = {
-      global = {
-        server_name = "cronyakatsuki.xyz";
-        database_backend = "rocksdb";
-        allow_registration = true;
-        allow_check_for_updates = true;
-      };
+    settings.global = {
+      server_name = "cronyakatsuki.xyz";
+      allow_registration = true;
+      registration_token_file = config.age.secrets.tuwunel.path;
     };
   };
 
-  # systemd.services.conduit.serviceConfig = {
-  #   EnvironmentFile = ["${config.age.secrets.conduit.path}"];
-  # };
+  services.traefik.dynamicConfigOptions.http = {
+    services.tuwunel.loadBalancer.servers = [
+      {
+        url = "http://localhost:6167";
+      }
+    ];
+
+    routers.tuwunel = {
+      rule = "Host(`matrix.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "tuwunel";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/matrix-tuwunel"];
+    server.paths = ["/var/lib/matrix-tuwunel"];
+  };
 }