Migrate Matrix from conduwuit to continuwuity, now on renard

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2025-08-18 15:50:56 +0200
committer: Mel <mel@rnrd.eu> 2025-08-18 15:51:06 +0200
commit: a76a5e9fad265f281c55b5e4a80ae97d9f234cc7 (patch)
tree: f3c3c77c0fbec7e6d6da2546b27780cfd0b3c94f /services/matrix.nix
parent: dcc5f8e5624919c887969343fc9b743b88c60ce7 (diff)
download: network-a76a5e9fad265f281c55b5e4a80ae97d9f234cc7.tar.zst
network-a76a5e9fad265f281c55b5e4a80ae97d9f234cc7.zip
1 files changed, 87 insertions, 0 deletions
diff --git a/services/matrix.nix b/services/matrix.nix
new file mode 100644
index 0000000..3586cc8
--- /dev/null
+++ b/services/matrix.nix
@@ -0,0 +1,87 @@
+{
+  config,
+  pkgs,
+  unstablePkgs,
+  auxiliaryPkgs,
+  ...
+}:
+
+let
+  inherit (pkgs) dockerTools;
+  inherit (unstablePkgs) matrix-continuwuity;
+  inherit (auxiliaryPkgs) common;
+
+  continuwuityLocalPort = 2123;
+  continuwuityDir = "/srv/matrix";
+
+  continuwuityImage = dockerTools.streamLayeredImage {
+    name = "continuwuity";
+    tag = matrix-continuwuity.version;
+    fromImage = common.alpine.base;
+
+    contents = [ matrix-continuwuity ];
+  };
+
+in
+{
+  age.secrets.continuwuity-registration-token = {
+    file = ../secrets/continuwuity-registration-token.age;
+  };
+
+  foundation.service.continuwuity = {
+    continuwuity = {
+      image = continuwuityImage;
+      ports = [ continuwuityLocalPort ];
+
+      volumes = [
+        [
+          "${continuwuityDir}/db"
+          "/var/lib/continuwuity"
+        ]
+        [
+          "${continuwuityDir}/continuwuity.toml"
+          "/etc/continuwuity/continuwuity.toml"
+        ]
+        [
+          "${config.age.secrets.continuwuity-registration-token.path}"
+          "/etc/continuwuity/registration-token"
+        ]
+      ];
+
+      environment = {
+        CONDUWUIT_CONFIG = "/etc/continuwuity/continuwuity.toml";
+      };
+
+      entrypoint = "${matrix-continuwuity}/bin/conduwuit";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "matrix.rnrd.eu" =
+      let
+        proxySettings = {
+          proxyPass = "http://127.0.0.1:${toString continuwuityLocalPort}";
+        };
+      in
+      {
+        useACMEHost = "rnrd.eu";
+        forceSSL = true;
+
+        locations."/" = proxySettings;
+        locations."/_matrix" = proxySettings;
+        locations."/_conduwuit" = proxySettings;
+        locations."/_continuwuity" = proxySettings;
+
+        extraConfig = ''
+          client_max_body_size 20M;
+
+          proxy_connect_timeout 600;
+          proxy_send_timeout 600;
+          proxy_read_timeout 600;
+          send_timeout 600;
+
+          access_log /var/log/nginx/matrix.access.log json_combined;
+        '';
+      };
+  };
+}
author	Mel <mel@rnrd.eu>	2025-08-18 15:50:56 +0200
committer	Mel <mel@rnrd.eu>	2025-08-18 15:51:06 +0200
commit	a76a5e9fad265f281c55b5e4a80ae97d9f234cc7 (patch)
tree	f3c3c77c0fbec7e6d6da2546b27780cfd0b3c94f /services/matrix.nix
parent	dcc5f8e5624919c887969343fc9b743b88c60ce7 (diff)
download	network-a76a5e9fad265f281c55b5e4a80ae97d9f234cc7.tar.zst network-a76a5e9fad265f281c55b5e4a80ae97d9f234cc7.zip