summary refs log tree commit diff
path: root/services
diff options
context:
space:
mode:
authorMel <einebeere@gmail.com>2024-12-15 22:53:04 +0100
committerMel <einebeere@gmail.com>2024-12-15 22:53:04 +0100
commit3700b0489942a4b22025e71778a5572069451437 (patch)
treee217fcbd17ac5ca26326084f65cc4f5f98c617e3 /services
parentf1333608a54a3c6255d996844645f99a433ace94 (diff)
downloadnetwork-3700b0489942a4b22025e71778a5572069451437.tar.zst
network-3700b0489942a4b22025e71778a5572069451437.zip
Deploy conduwuit as new Matrix homeserver
Signed-off-by: Mel <einebeere@gmail.com>
Diffstat (limited to 'services')
-rw-r--r--services/conduwuit.nix68
1 files changed, 68 insertions, 0 deletions
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
new file mode 100644
index 0000000..af59f7f
--- /dev/null
+++ b/services/conduwuit.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, auxiliaryPkgs, ... }:
+
+let
+  inherit (pkgs) conduwuit dockerTools;
+  inherit (auxiliaryPkgs) common;
+
+  conduwuitLocalPort = 2123;
+  conduwuitDir = "/srv/conduwuit";
+
+  conduwuitImage = dockerTools.streamLayeredImage {
+    name = "conduwuit";
+    tag = conduwuit.version;
+    fromImage = common.alpine.base;
+
+    contents = [ conduwuit ];
+  };
+
+in
+{
+  age.secrets.conduwuit-registration-token = {
+    file = ../secrets/conduwuit-registration-token.age;
+  };
+
+  foundation.service.conduwuit = {
+    conduwuit = {
+      image = conduwuitImage;
+      ports = [ conduwuitLocalPort ];
+
+      volumes = [
+        [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
+        [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
+        [
+          "${config.age.secrets.conduwuit-registration-token.path}"
+          "/etc/conduwuit/registration-itoken"
+        ]
+      ];
+
+      environment = {
+        CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
+      };
+
+      entrypoint = "${conduwuit}/bin/conduit";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "matrix.rnrd.eu" = let
+      proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
+    in
+    {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = proxySettings;
+      locations."/_matrix" = proxySettings;
+      locations."/_conduwuit" = proxySettings;
+
+      extraConfig = ''
+        client_max_body_size 20M;
+
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+      '';
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-25 11:16:22 +0000