{ inputs, pkgs, ... }: let port = 6167; in { nix.settings = { substituters = [ "https://attic.conduit.rs/conduit" ]; trusted-public-keys = [ "conduit:ddcaWZiWm0l0IXZlO8FERRdWvEufwmd0Negl1P+c0Ns=" ]; }; services.matrix-conduit = { enable = true; package = inputs.conduit.packages.${pkgs.system}.default; settings.global = { address = "127.0.0.1"; server_name = "jacekpoz.pl"; database_backend = "rocksdb"; inherit port; enable_lightning_bolt = false; max_request_size = 104857600; allow_check_for_updates = false; allow_registration = false; }; }; services.caddy = { enable = true; virtualHosts."m.jacekpoz.pl".extraConfig = '' reverse_proxy /_matrix/* 127.0.0.1:${toString port} ''; virtualHosts."jacekpoz.pl".extraConfig = '' header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * respond /.well-known/matrix/server `{ "m.server": "m.jacekpoz.pl:443" }` respond /.well-known/matrix/client `{ "m.homeserver": { "base_url": "https://m.jacekpoz.pl" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { "url": "https://m.jacekpoz.pl" } }` ''; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedUDPPorts = [ 80 443 ]; }