{ config, ... }: let conduitConfig = config.services.matrix-conduit.settings; in { services.matrix-conduit = { enable = true; settings = { global = { server_name = "dalaran.fr"; address = "127.0.0.1"; database_backend = "rocksdb"; enable_lightning_bolt = false; allow_registration = false; well_known = { client = "https://matrix.dalaran.fr"; server = "matrix.dalaran.fr:443"; }; }; }; }; services.nginx.virtualHosts = { "dalaran.fr".locations."/.well-known/matrix/" = { return = "301 https://matrix.dalaran.fr$request_uri"; }; "matrix.dalaran.fr" = { enableACME = true; addSSL = true; listen = [ { addr = "0.0.0.0"; port = 8448; ssl = true; } { addr = "[::]"; port = 8448; ssl = true; } { addr = "0.0.0.0"; port = 443; ssl = true; } { addr = "[::]"; port = 443; ssl = true; } ]; locations."/" = { recommendedProxySettings = true; proxyPass = "http://${conduitConfig.global.address}:${builtins.toString conduitConfig.global.port}"; }; extraConfig = "client_max_body_size 20M;"; }; }; networking.firewall.allowedTCPPorts = [ 443 8448 ]; services.matrix-appservice-discord = { enable = true; settings = { bridge = { domain = "dalaran.fr"; homeserverUrl = "https://matrix.dalaran.fr"; disableTypingNotifications = true; disableJoinLeaveNotifications = true; adminMxid = "dala@dalaran.fr"; }; ghosts = { usernamePattern = ":username"; }; auth = { usePrivilegedIntents = true; }; room = { defaultVisibility = "private"; }; }; environmentFile = config.sops.secrets.discord_bridge_token.path; serviceDependencies = [ "conduit.service" ]; }; }