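# NixOS module: Conduit Matrix homeserver behind an nginx TLS reverse proxy.
#
# Layout:
#   - <domain>         serves the two static /.well-known/matrix/* discovery
#                      documents, which delegate to matrix.<domain>.
#   - matrix.<domain>  terminates TLS on 443 and 8448 and proxies /_matrix/
#                      to the local Conduit listener.
{ config, pkgs, ... }:
let
  serverName = config.services.matrix-conduit.settings.global.server_name;
  matrixHost = "matrix.${serverName}";

  # Both discovery documents are rendered with builtins.toJSON rather than a
  # hand-written string, so the served file is always well-formed JSON.

  # Server-to-server delegation. No port is given, so federating servers fall
  # back to 8448 (after an SRV lookup); nginx listens there below.
  well_known_server = pkgs.writeText "well-known-matrix-server" (builtins.toJSON {
    "m.server" = matrixHost;
  });

  # Client discovery: tells clients which base URL to use for the homeserver.
  well_known_client = pkgs.writeText "well-known-matrix-client" (builtins.toJSON {
    "m.homeserver" = {
      base_url = "https://${matrixHost}";
    };
  });
in
{
  services.matrix-conduit = {
    enable = true;
    settings.global = {
      server_name = config.networking.domain;
    };
  };

  services.nginx = {
    enable = true;

    virtualHosts = {
      "${matrixHost}" = {
        forceSSL = true;
        enableACME = true;
        # NOTE(review): an explicit `listen` replaces the module's default
        # listeners, so this vhost is IPv4-only and has no port-80 listener of
        # its own. The ACME HTTP-01 challenge and the forceSSL redirect for this
        # name then presumably depend on another vhost answering on port 80;
        # confirm that certificate issuance and renewal work.
        listen = [
          { addr = "0.0.0.0"; port = 443; ssl = true; }
          { addr = "0.0.0.0"; port = 8448; ssl = true; }
        ];

        # Only the Matrix API prefix is proxied; nothing else on this vhost
        # reaches Conduit.
        locations."/_matrix/" = {
          # The host part must name the upstream group declared under
          # `upstreams` below. Because proxy_pass contains a variable, nginx
          # resolves an unknown name through DNS at request time, which fails
          # when no resolver is configured.
          proxyPass = "http://backend-conduit$request_uri";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_buffering off;
          '';
        };

        # Pass the request path through without collapsing repeated slashes.
        extraConfig = ''
          merge_slashes off;
        '';
      };

      "${serverName}" = {
        forceSSL = true;
        enableACME = true;

        locations."/.well-known/matrix/server" = {
          alias = "${well_known_server}";
          extraConfig = ''
            default_type application/json;
          '';
        };

        locations."/.well-known/matrix/client" = {
          alias = "${well_known_client}";
          # Browser-based clients fetch this document cross-origin, so it needs
          # a CORS header; nginx does not emit add_header with an empty value.
          # The wildcard is scoped to this one static, public discovery file.
          # Do not copy it to locations that serve authenticated content.
          extraConfig = ''
            default_type application/json;
            add_header Access-Control-Allow-Origin "*";
          '';
        };
      };
    };

    upstreams = {
      backend-conduit = {
        servers = {
          # NOTE(review): "localhost" may resolve to both 127.0.0.1 and ::1;
          # confirm it matches the address Conduit actually binds to, otherwise
          # pin the literal address here.
          "localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = { };
        };
      };
    };
  };

  # Federation listener. The nginx listeners above are TCP only (no QUIC is
  # configured), so no UDP port is opened; add one only if HTTP/3 is enabled.
  # NOTE(review): 80 and 443 are not opened here and are presumably allowed by
  # another module; ACME HTTP-01 and client traffic need them.
  networking.firewall.allowedTCPPorts = [ 8448 ];
}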