add conduwuit

hosts/cloud/proxy/conduwuit.nix

@@ -0,0 +1,44 @@
+{ self, ... }:
+let
+  proxy-conf = ''
+    client_max_body_size 50M;
+    proxy_buffering off;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    proxy_read_timeout 600s;
+    proxy_send_timeout 600s;
+    send_timeout 600s;
+  '';
+
+in
+{
+  services.nginx.upstreams.conduwuit = {
+    servers = {
+      "10.89.88.16:6167" = { };
+      "[fd31:185d:722f::16]:6167" = { };
+    };
+  };
+
+  services.nginx.virtualHosts."oxapentane.com" = {
+    locations."/_matrix/" = {
+      proxyPass = "http://conduwuit$request_uri";
+      extraConfig = proxy-conf;
+    };
+    locations."/_conduwuit/" = {
+      proxyPass = "http://conduwuit$request_uri";
+      extraConfig = proxy-conf;
+    };
+    locations."/.well-known/matrix" = {
+      proxyPass = "http://conduwuit$request_uri";
+      extraConfig = proxy-conf;
+    };
+  };
+}

hosts/conduwuit/conduwuit.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  services.matrix-conduit = {
+    enable = true;
+    package = pkgs.conduwuit;
+    settings = {
+      global = {
+        database_backend = "rocksdb";
+        new_user_displayname_suffix = "";
+        port = 6167;
+        server_name = "oxapentane.com";
+        well_known = {
+          client = "https://oxapentane.com";
+          server = "oxapentane.com:433";
+        };
+      };
+    };
+  };
+}

hosts/conduwuit/default.nix

@@ -4,6 +4,7 @@ let
 in
 {
   imports = [
+    ./conduwuit.nix
   ];
   sops.defaultSopsFile = ./secrets.yaml;
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];