feat: use tuwunel insteas of conduit.

modules/servers/per-server/thor/secrets.nix

@@ -10,6 +10,11 @@
       conduit = {
         file = "${inputs.secrets}/secrets/conduit.age";
       };
+      tuwunel = {
+        file = "${inputs.secrets}/secrets/tuwunel.age";
+        owner = "tuwunel";
+        group = "tuwunel";
+      };
       lemmy-env = {
         file = "${inputs.secrets}/secrets/lemmy.env.age";
       };

modules/servers/per-server/thor/services/conduit.nix

@@ -1,17 +1,32 @@
 {config, ...}: {
-  services.matrix-conduit = {
+  services.matrix-tuwunel = {
     enable = true;
-    settings = {
+    settings.global = {
-      global = {
       server_name = "cronyakatsuki.xyz";
-        database_backend = "rocksdb";
       allow_registration = true;
-        allow_check_for_updates = true;
+      registration_token_file = config.age.secrets.tuwunel.path;
-      };
     };
   };
 
-  # systemd.services.conduit.serviceConfig = {
+  services.traefik.dynamicConfigOptions.http = {
-  #   EnvironmentFile = ["${config.age.secrets.conduit.path}"];
+    services.tuwunel.loadBalancer.servers = [
-  # };
+      {
+        url = "http://localhost:6167";
+      }
+    ];
+
+    routers.tuwunel = {
+      rule = "Host(`matrix.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "tuwunel";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/matrix-tuwunel"];
+    server.paths = ["/var/lib/matrix-tuwunel"];
+  };
 }