1 files changed, 68 insertions, 0 deletions
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
new file mode 100644
index 0000000..af59f7f
--- /dev/null
+++ b/services/conduwuit.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, auxiliaryPkgs, ... }:
+
+let
+  inherit (pkgs) conduwuit dockerTools;
+  inherit (auxiliaryPkgs) common;
+
+  conduwuitLocalPort = 2123;
+  conduwuitDir = "/srv/conduwuit";
+
+  conduwuitImage = dockerTools.streamLayeredImage {
+    name = "conduwuit";
+    tag = conduwuit.version;
+    fromImage = common.alpine.base;
+
+    contents = [ conduwuit ];
+  };
+
+in
+{
+  age.secrets.conduwuit-registration-token = {
+    file = ../secrets/conduwuit-registration-token.age;
+  };
+
+  foundation.service.conduwuit = {
+    conduwuit = {
+      image = conduwuitImage;
+      ports = [ conduwuitLocalPort ];
+
+      volumes = [
+        [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
+        [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
+        [
+          "${config.age.secrets.conduwuit-registration-token.path}"
+          "/etc/conduwuit/registration-itoken"
+        ]
+      ];
+
+      environment = {
+        CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
+      };
+
+      entrypoint = "${conduwuit}/bin/conduit";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "matrix.rnrd.eu" = let
+      proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
+    in
+    {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = proxySettings;
+      locations."/_matrix" = proxySettings;
+      locations."/_conduwuit" = proxySettings;
+
+      extraConfig = ''
+        client_max_body_size 20M;
+
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+      '';
+    };
+  };
+}