diff --git a/configuration/default.nix b/configuration/default.nix
index 76a1bf7..f15ecca 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -7,6 +7,7 @@
     ./services/nextcloud.nix
     ./services/webserver.nix
     ./services/starbound.nix
+    ./services/conduit.nix
     ./ids.nix
   ];
 
@@ -38,7 +39,7 @@
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
 
-    firewall.allowedTCPPorts = [ 80 443 2222 2221 25565 21025 ];
+    firewall.allowedTCPPorts = [ 80 443 2222 2221 8448 25565 21025 ];
   };
 
   time.timeZone = "Europe/London";
diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
new file mode 100644
index 0000000..4b3069b
--- /dev/null
+++ b/configuration/services/conduit.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.lists) flatten;
+
+  domain = config.services.nginx.domain;
+  server_name = "matrix.${domain}";
+in {
+  services.matrix-conduit = {
+    enable = true;
+    settings.global = {
+      inherit server_name;
+      address = "127.0.0.1";
+      database_backend = "rocksdb";
+    };
+  };
+
+  services.nginx = {
+    virtualHosts."${server_name}" = {
+      listen = flatten (map (port: [
+        {
+          inherit port;
+          addr = "0.0.0.0";
+          ssl = true;
+        }
+        {
+          inherit port;
+          addr = "[::0]";
+          ssl = true;
+        }
+      ]) [443 8448]);
+
+      locations."/_matrix/" = {
+        proxyPass = "http://127.0.0.1:6167";
+        extraConfig = ''
+          proxy_buffering off;
+        '';
+      };
+      onlySSL = true;
+      enableACME = true;
+
+      extraConfig = ''
+        merge_slashes off;
+      '';
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index 5c75d61..5d3597b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "flake-utils": {
       "locked": {
-        "lastModified": 1649676176,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "lastModified": 1653893745,
+        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
         "type": "github"
       },
       "original": {
@@ -38,11 +38,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1650522846,
-        "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=",
+        "lastModified": 1654057797,
+        "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "6b4ebea9093c997c5f275c820e679108de4871ab",
+        "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af",
         "type": "github"
       },
       "original": {
@@ -54,16 +54,48 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1650501692,
-        "narHash": "sha256-ApKf0/dc0SyB7zZ6yiiOQgcXAhCXxbSDyihHfRDIzx0=",
+        "lastModified": 1654622265,
+        "narHash": "sha256-AltUA8bPbXeRgzcDhQEURVHqQhTByxk6Xtgf+CYmEFk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9887f024766aa27704d1f89f623efd1d063da92a",
+        "rev": "11e805f9935f6ab4b049351ac14f2d1aa93cf1d3",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-21.11",
+        "ref": "nixos-22.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-21_11": {
+      "locked": {
+        "lastModified": 1654346688,
+        "narHash": "sha256-Y7QtZkfdxTvACCvWmDjpN6qOf4OKkZATufHcJP2VMKM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2de556c4cd46a59e8ce2f85ee4dd400983213d45",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-22_05": {
+      "locked": {
+        "lastModified": 1654373220,
+        "narHash": "sha256-3vKFnZz2oYHo4YcelaNOhO4XQ2jiIEXrp1s4w+e773c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d6cb04299ce8964290ae7fdcb87aa50da0500b5c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-22.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -107,14 +139,16 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "nixpkgs-21_11": "nixpkgs-21_11",
+        "nixpkgs-22_05": "nixpkgs-22_05"
       },
       "locked": {
-        "lastModified": 1649756291,
-        "narHash": "sha256-KTll8bCINAzIUGaaMrbn9wb5nfhkXRLgmFrWGR/Dku0=",
+        "lastModified": 1654401128,
+        "narHash": "sha256-uCdQ2fzIPGakHw2TkvOncUvCl7Fo7z/vagpDWYooO7s=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c2614c4fe61943b3d280ac1892fcebe6e8eaf8c8",
+        "rev": "f075361ecbde21535b38e41dfaa28a28f160855c",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 772580b..b706e86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
   description = "tlater.net host configuration";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
     nixos-hardware.url = "github:nixos/nixos-hardware/master";
     flake-utils.url = "github:numtide/flake-utils";
     sops-nix = {