From 3e200c896a3ee9b19ba53669e6a286bbf6553bdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Thu, 9 Jun 2022 22:42:03 +0100
Subject: [PATCH 1/2] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11)
  → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21)
  → 'github:nixos/nixos-hardware/0cab18a48de7914ef8cad35dca0bb36868f3e1af' (2022-06-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9887f024766aa27704d1f89f623efd1d063da92a' (2022-04-21)
  → 'github:nixos/nixpkgs/11e805f9935f6ab4b049351ac14f2d1aa93cf1d3' (2022-06-07)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c2614c4fe61943b3d280ac1892fcebe6e8eaf8c8' (2022-04-12)
  → 'github:Mic92/sops-nix/f075361ecbde21535b38e41dfaa28a28f160855c' (2022-06-05)
• Added input 'sops-nix/nixpkgs-21_11':
    'github:NixOS/nixpkgs/2de556c4cd46a59e8ce2f85ee4dd400983213d45' (2022-06-04)
• Added input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/d6cb04299ce8964290ae7fdcb87aa50da0500b5c' (2022-06-04)
---
 flake.lock | 62 ++++++++++++++++++++++++++++++++++++++++++------------
 flake.nix  |  2 +-
 2 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5c75d61..5d3597b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "flake-utils": {
       "locked": {
-        "lastModified": 1649676176,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "lastModified": 1653893745,
+        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
         "type": "github"
       },
       "original": {
@@ -38,11 +38,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1650522846,
-        "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=",
+        "lastModified": 1654057797,
+        "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "6b4ebea9093c997c5f275c820e679108de4871ab",
+        "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af",
         "type": "github"
       },
       "original": {
@@ -54,16 +54,48 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1650501692,
-        "narHash": "sha256-ApKf0/dc0SyB7zZ6yiiOQgcXAhCXxbSDyihHfRDIzx0=",
+        "lastModified": 1654622265,
+        "narHash": "sha256-AltUA8bPbXeRgzcDhQEURVHqQhTByxk6Xtgf+CYmEFk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9887f024766aa27704d1f89f623efd1d063da92a",
+        "rev": "11e805f9935f6ab4b049351ac14f2d1aa93cf1d3",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-21.11",
+        "ref": "nixos-22.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-21_11": {
+      "locked": {
+        "lastModified": 1654346688,
+        "narHash": "sha256-Y7QtZkfdxTvACCvWmDjpN6qOf4OKkZATufHcJP2VMKM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2de556c4cd46a59e8ce2f85ee4dd400983213d45",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-22_05": {
+      "locked": {
+        "lastModified": 1654373220,
+        "narHash": "sha256-3vKFnZz2oYHo4YcelaNOhO4XQ2jiIEXrp1s4w+e773c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d6cb04299ce8964290ae7fdcb87aa50da0500b5c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-22.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -107,14 +139,16 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "nixpkgs-21_11": "nixpkgs-21_11",
+        "nixpkgs-22_05": "nixpkgs-22_05"
       },
       "locked": {
-        "lastModified": 1649756291,
-        "narHash": "sha256-KTll8bCINAzIUGaaMrbn9wb5nfhkXRLgmFrWGR/Dku0=",
+        "lastModified": 1654401128,
+        "narHash": "sha256-uCdQ2fzIPGakHw2TkvOncUvCl7Fo7z/vagpDWYooO7s=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c2614c4fe61943b3d280ac1892fcebe6e8eaf8c8",
+        "rev": "f075361ecbde21535b38e41dfaa28a28f160855c",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 772580b..b706e86 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
   description = "tlater.net host configuration";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
     nixos-hardware.url = "github:nixos/nixos-hardware/master";
     flake-utils.url = "github:numtide/flake-utils";
     sops-nix = {

From 40682e946fc4a8e034d531e95a8c9c6b9238aeb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Thu, 9 Jun 2022 22:40:00 +0100
Subject: [PATCH 2/2] Add conduit

---
 configuration/default.nix          |  3 +-
 configuration/services/conduit.nix | 49 ++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 configuration/services/conduit.nix

diff --git a/configuration/default.nix b/configuration/default.nix
index 76a1bf7..f15ecca 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -7,6 +7,7 @@
     ./services/nextcloud.nix
     ./services/webserver.nix
     ./services/starbound.nix
+    ./services/conduit.nix
     ./ids.nix
   ];
 
@@ -38,7 +39,7 @@
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
 
-    firewall.allowedTCPPorts = [ 80 443 2222 2221 25565 21025 ];
+    firewall.allowedTCPPorts = [ 80 443 2222 2221 8448 25565 21025 ];
   };
 
   time.timeZone = "Europe/London";
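Review bot: Port 8448 is opened in the shared `firewall.allowedTCPPorts` list, away from the only listener for it that this patch adds (the nginx vhost in `configuration/services/conduit.nix`). If that import is dropped later, the port stays open with nothing here explaining why. NixOS merges list-typed options across modules, so the service file can own its exposure with `networking.firewall.allowedTCPPorts = [ 8448 ];` and this line can stay as it was. Failing that, a comment such as `# 8448: Matrix federation, served by nginx (services/conduit.nix)` would document the entry. The enclosing attribute set (presumably `networking`) starts outside the hunk.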
diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
new file mode 100644
index 0000000..4b3069b
--- /dev/null
+++ b/configuration/services/conduit.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.lists) flatten;
+
+  domain = config.services.nginx.domain;
+  server_name = "matrix.${domain}";
+in {
+  services.matrix-conduit = {
+    enable = true;
+    settings.global = {
+      inherit server_name;
+      address = "127.0.0.1";
+      database_backend = "rocksdb";
+    };
+  };
+
+  services.nginx = {
+    virtualHosts."${server_name}" = {
+      listen = flatten (map (port: [
+        {
+          inherit port;
+          addr = "0.0.0.0";
+          ssl = true;
+        }
+        {
+          inherit port;
+          addr = "[::0]";
+          ssl = true;
+        }
+      ]) [443 8448]);
+
+      locations."/_matrix/" = {
+        proxyPass = "http://127.0.0.1:6167";
+        extraConfig = ''
+          proxy_buffering off;
+        '';
+      };
+      onlySSL = true;
+      enableACME = true;
+
+      extraConfig = ''
+        merge_slashes off;
+      '';
+    };
+  };
+}
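Review bot: The `proxyPass = "http://127.0.0.1:6167";` in `locations."/_matrix/"` repeats the Conduit address and port as literals, while the service block sets only `address` and leaves the port to the module default. If either side changes, nginx will forward to nothing, or to whatever else binds that port. Deriving the target from the service config keeps them in step: bind `cfg = config.services.matrix-conduit.settings.global;` in the `let` and use `proxyPass = "http://${cfg.address}:${toString cfg.port}";`. Because this vhost is reachable from the internet on 443 and 8448, I would also set `allow_registration` and `allow_federation` explicitly in `settings.global` rather than inheriting module defaults, so the exposure is a visible decision in review. The location also sets no `client_max_body_size`, so unless it is raised elsewhere nginx's default body limit will apply to media uploads.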