-rw-r--r--machines/lapin/default.nix4
-rw-r--r--machines/renard/default.nix4
-rw-r--r--secrets/conduwuit-registration-token.agebin917 -> 0 bytes
-rw-r--r--secrets/continuwuity-registration-token.age18
-rw-r--r--secrets/secrets.nix4
-rw-r--r--services/conduwuit.nix70
-rw-r--r--services/matrix.nix87
7 files changed, 110 insertions, 77 deletions
diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix
index f774bea..376c7a4 100644
--- a/machines/lapin/default.nix
+++ b/machines/lapin/default.nix
@@ -7,9 +7,6 @@
     ./hardware.nix
     ./devices.nix
 
-    # TODO: migrate to fork.
-    # R.I.P. conduwuit :(
-    # ../../services/conduwuit.nix
     ../../services/pds.nix
     ../../services/akkoma
   ];
@@ -28,7 +25,6 @@
         "base"
         "akkoma"
         "pds"
-        "conduwuit"
       ];
     };
   };
diff --git a/machines/renard/default.nix b/machines/renard/default.nix
index 2f9dcb6..c3fb0fe 100644
--- a/machines/renard/default.nix
+++ b/machines/renard/default.nix
@@ -15,6 +15,7 @@
     ../../services/minecraft.nix
     ../../services/miniflux.nix
     ../../services/shiori.nix
+    ../../services/matrix.nix
     ../../services/irc
   ];
 
@@ -42,6 +43,7 @@
         "git"
         "mel"
         "shorest"
+        "matrix"
       ];
     };
   };
@@ -53,7 +55,7 @@
         return = "301 https://soc.rnrd.eu$request_uri";
       };
 
-      # delegate matrix to lapin
+      # delegate matrix to subdomain `matrix.rnrd.eu`
       "/.well-known/matrix/server" = {
         return = "200 '{ \"m.server\": \"matrix.rnrd.eu:443\" }'";
         extraConfig = ''
diff --git a/secrets/conduwuit-registration-token.age b/secrets/conduwuit-registration-token.age
deleted file mode 100644
index 9f1e340..0000000
--- a/secrets/conduwuit-registration-token.age
+++ /dev/null
Binary files differ
diff --git a/secrets/continuwuity-registration-token.age b/secrets/continuwuity-registration-token.age
new file mode 100644
index 0000000..e957a31
--- /dev/null
+++ b/secrets/continuwuity-registration-token.age
@@ -0,0 +1,18 @@
+age-encryption.org/v1
+-> ssh-ed25519 p1ieXg tqSFB3EtfciTASyLj/b7cTH1Hc8D1+W03qw3s7q70Ag
+Sx3QivmJMU3YIMOmiSMSWdfVPEVKAe30DRKAMFUU65U
+-> ssh-ed25519 ztr2Fw aRXAnFDPN8ZAvr+5JmbQvFOnz8I/p+is3nl/BW3XQlg
+ET2goN6Ej28Xgy0w9SblbHMKZGSXELxx8dRPUtRUgo4
+-> ssh-ed25519 lYrVNQ RDfLU+bkbFKxfwp9cGSw2l/jTQ4GZ7y+6m8fNAAIImo
++NF6+rrHd575TzcmjVxb8M+XQTHE8jeG63Ab+zmX7vs
+-> ssh-ed25519 COVM9Q lnV4LgJupeoQgj9zo+618v4hLXj1lVoD+/3FW2vqjH8
+DXgiM9SxbYq1mcYtb/nw3tAIjMKU72EUv9+wSMYNttY
+-> ssh-ed25519 aV3pTQ RVGzAFJBnOYKP5AneTwE0mQQxShK1kUHfTSlKJpBIUM
+GAvK26vGJ0wCQTIrWXSSpzfcPG55Scoxeu/dcdeut7A
+-> ssh-ed25519 jWuO5g EZ5YeYWwaMIw/gegtOpQEJFOOTPpDD3a/h/LHbH2UlE
+uqdxi5bDBgFJbTdqEwWi5bSHxwLuXXjttxFYa7HlNos
+-> ssh-ed25519 sqz3iQ zbfQbMHIznpAVR93jGt7WDkXqPhq0x5N6aOsFO7QszU
+JdxRsbhURvmnJEhwK6OSHi2I4LZXIGCpqsVXJlDpPd8
+--- tE2a2Xb9NHHH0EgmbiP6sqsD7gmtW+PQRu1EztvAdh0
+òPÎè+¦¼×Ú9º	j	‡KþªÄg¶qýÉÆJ7€àß‹^*]=g’Ô;Ðu‘{9N
+^q•û`ìjŸànq¬¤–&OïJ
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 30bb62d..2a31d11 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,8 +22,8 @@ in
     lapin
   ] ++ allAdmins;
 
-  "conduwuit-registration-token.age".publicKeys = [
-    lapin
+  "continuwuity-registration-token.age".publicKeys = [
+    renard
   ] ++ allAdmins;
 
   "pia-login-secrets.age".publicKeys = [
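Review bot: Replacing `lapin` with `renard` in the recipient list only protects the token going forward, because the deleted `conduwuit-registration-token.age` remains in git history encrypted to lapin's host key. If the plaintext token was carried over unchanged into `continuwuity-registration-token.age` (the diff cannot show this), lapin can still recover it from history, so the token should be regenerated as part of the migration. The new file carries seven recipient stanzas; it is worth confirming that this equals `renard` plus `allAdmins`, which is defined outside this hunk, and that no lapin stanza remains. A short comment above the entry would record the intent, for example `# token regenerated when the homeserver moved to renard; lapin is intentionally not a recipient`.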
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
deleted file mode 100644
index 03b0dcb..0000000
--- a/services/conduwuit.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, pkgs, auxiliaryPkgs, ... }:
-
-let
-  inherit (pkgs) conduwuit dockerTools;
-  inherit (auxiliaryPkgs) common;
-
-  conduwuitLocalPort = 2123;
-  conduwuitDir = "/srv/conduwuit";
-
-  conduwuitImage = dockerTools.streamLayeredImage {
-    name = "conduwuit";
-    tag = conduwuit.version;
-    fromImage = common.alpine.base;
-
-    contents = [ conduwuit ];
-  };
-
-in
-{
-  age.secrets.conduwuit-registration-token = {
-    file = ../secrets/conduwuit-registration-token.age;
-  };
-
-  foundation.service.conduwuit = {
-    conduwuit = {
-      image = conduwuitImage;
-      ports = [ conduwuitLocalPort ];
-
-      volumes = [
-        [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
-        [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
-        [
-          "${config.age.secrets.conduwuit-registration-token.path}"
-          "/etc/conduwuit/registration-itoken"
-        ]
-      ];
-
-      environment = {
-        CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
-      };
-
-      entrypoint = "${conduwuit}/bin/conduit";
-    };
-  };
-
-  services.nginx.virtualHosts = {
-    "matrix.rnrd.eu" = let
-      proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
-    in
-    {
-      useACMEHost = "rnrd.eu";
-      forceSSL = true;
-
-      locations."/" = proxySettings;
-      locations."/_matrix" = proxySettings;
-      locations."/_conduwuit" = proxySettings;
-
-      extraConfig = ''
-        client_max_body_size 20M;
-
-        proxy_connect_timeout 600;
-        proxy_send_timeout 600;
-        proxy_read_timeout 600;
-        send_timeout 600;
-
-        access_log /var/log/nginx/conduwuit.access.log json_combined;
-      '';
-    };
-  };
-}
diff --git a/services/matrix.nix b/services/matrix.nix
new file mode 100644
index 0000000..3586cc8
--- /dev/null
+++ b/services/matrix.nix
@@ -0,0 +1,87 @@
+{
+  config,
+  pkgs,
+  unstablePkgs,
+  auxiliaryPkgs,
+  ...
+}:
+
+let
+  inherit (pkgs) dockerTools;
+  inherit (unstablePkgs) matrix-continuwuity;
+  inherit (auxiliaryPkgs) common;
+
+  continuwuityLocalPort = 2123;
+  continuwuityDir = "/srv/matrix";
+
+  continuwuityImage = dockerTools.streamLayeredImage {
+    name = "continuwuity";
+    tag = matrix-continuwuity.version;
+    fromImage = common.alpine.base;
+
+    contents = [ matrix-continuwuity ];
+  };
+
+in
+{
+  age.secrets.continuwuity-registration-token = {
+    file = ../secrets/continuwuity-registration-token.age;
+  };
+
+  foundation.service.continuwuity = {
+    continuwuity = {
+      image = continuwuityImage;
+      ports = [ continuwuityLocalPort ];
+
+      volumes = [
+        [
+          "${continuwuityDir}/db"
+          "/var/lib/continuwuity"
+        ]
+        [
+          "${continuwuityDir}/continuwuity.toml"
+          "/etc/continuwuity/continuwuity.toml"
+        ]
+        [
+          "${config.age.secrets.continuwuity-registration-token.path}"
+          "/etc/continuwuity/registration-token"
+        ]
+      ];
+
+      environment = {
+        CONDUWUIT_CONFIG = "/etc/continuwuity/continuwuity.toml";
+      };
+
+      entrypoint = "${matrix-continuwuity}/bin/conduwuit";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "matrix.rnrd.eu" =
+      let
+        proxySettings = {
+          proxyPass = "http://127.0.0.1:${toString continuwuityLocalPort}";
+        };
+      in
+      {
+        useACMEHost = "rnrd.eu";
+        forceSSL = true;
+
+        locations."/" = proxySettings;
+        locations."/_matrix" = proxySettings;
+        locations."/_conduwuit" = proxySettings;
+        locations."/_continuwuity" = proxySettings;
+
+        extraConfig = ''
+          client_max_body_size 20M;
+
+          proxy_connect_timeout 600;
+          proxy_send_timeout 600;
+          proxy_read_timeout 600;
+          send_timeout 600;
+
+          access_log /var/log/nginx/matrix.access.log json_combined;
+        '';
+      };
+  };
+}
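Review bot: The registration token is now mounted at `/etc/continuwuity/registration-token`, whereas the removed service used `/etc/conduwuit/registration-itoken`, and the file that consumes it, `${continuwuityDir}/continuwuity.toml`, is bind-mounted from the host and is not part of this repository. If that TOML still points `registration_token_file` at the old path the token will not be read, so I would add a comment above the volume entry such as `# continuwuity.toml must set registration_token_file = "/etc/continuwuity/registration-token"`. The agenix secret is declared without `owner` or `mode`, so it is presumably root-only by default; confirm that the process inside the container can read it. Separately, `ports = [ continuwuityLocalPort ];` does not show which address the foundation module publishes on. Since nginx proxies to `127.0.0.1`, the port should be bound to loopback only, so that the homeserver is not reachable over plain HTTP around the TLS vhost.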