-rw-r--r--machines/lapin/default.nix11
-rw-r--r--secrets/conduwuit-registration-token.agebin0 -> 587 bytes
-rw-r--r--secrets/secrets.nix4
-rw-r--r--services/conduwuit.nix68
4 files changed, 73 insertions, 10 deletions
diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix
index 3178a1d..2e21328 100644
--- a/machines/lapin/default.nix
+++ b/machines/lapin/default.nix
@@ -9,7 +9,7 @@
 
     ../../modules/www.nix
 
-    ../../services/dendrite.nix
+    ../../services/conduwuit.nix
     ../../services/pds.nix
     ../../services/akkoma
   ];
@@ -39,15 +39,6 @@
       };
     };
 
-    "matrix.rnrd.eu" = {
-      forceSSL = true;
-      enableACME = true;
-
-      locations."/_matrix" = {
-        proxyPass = "http://127.0.0.1:8008";
-      };
-    };
-
     "pds.rnrd.eu" = {
       serverAliases = [ "*.pds.rnrd.eu" ];
       forceSSL = true;
diff --git a/secrets/conduwuit-registration-token.age b/secrets/conduwuit-registration-token.age
new file mode 100644
index 0000000..3f2761d
--- /dev/null
+++ b/secrets/conduwuit-registration-token.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 22c7a91..604ca1e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,5 +14,9 @@ in
     lapin
   ] ++ allAdmins;
 
+  "conduwuit-registration-token.age".publicKeys = [
+    lapin
+  ] ++ allAdmins;
+
   "password.age".publicKeys = allSystems ++ allAdmins;
 }
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
new file mode 100644
index 0000000..af59f7f
--- /dev/null
+++ b/services/conduwuit.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, auxiliaryPkgs, ... }:
+
+let
+  inherit (pkgs) conduwuit dockerTools;
+  inherit (auxiliaryPkgs) common;
+
+  conduwuitLocalPort = 2123;
+  conduwuitDir = "/srv/conduwuit";
+
+  conduwuitImage = dockerTools.streamLayeredImage {
+    name = "conduwuit";
+    tag = conduwuit.version;
+    fromImage = common.alpine.base;
+
+    contents = [ conduwuit ];
+  };
+
+in
+{
+  age.secrets.conduwuit-registration-token = {
+    file = ../secrets/conduwuit-registration-token.age;
+  };
+
+  foundation.service.conduwuit = {
+    conduwuit = {
+      image = conduwuitImage;
+      ports = [ conduwuitLocalPort ];
+
+      volumes = [
+        [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
+        [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
+        [
+          "${config.age.secrets.conduwuit-registration-token.path}"
+          "/etc/conduwuit/registration-itoken"
+        ]
+      ];
+
+      environment = {
+        CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
+      };
+
+      entrypoint = "${conduwuit}/bin/conduit";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "matrix.rnrd.eu" = let
+      proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
+    in
+    {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = proxySettings;
+      locations."/_matrix" = proxySettings;
+      locations."/_conduwuit" = proxySettings;
+
+      extraConfig = ''
+        client_max_body_size 20M;
+
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+      '';
+    };
+  };
+}
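Review bot: The mount target `/etc/conduwuit/registration-itoken` in `volumes` looks like a typo for `registration-token`; the `conduwuit.toml` that would name this path is bind-mounted from `/srv/conduwuit` and is not part of the commit, so check that its token-file setting points at exactly this path, otherwise the registration token may never be read. Separately, `locations."/" = proxySettings;` forwards every path on `matrix.rnrd.eu` to the homeserver, where the removed vhost exposed only `/_matrix`, and it makes the `/_matrix` and `/_conduwuit` entries redundant; dropping the catch-all keeps the exposed surface to the two prefixes that are needed. It is also worth confirming that `ports = [ conduwuitLocalPort ]` publishes on 127.0.0.1 only, since the `foundation.service` module is not visible here and a listener on all interfaces would be reachable without nginx and its TLS.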