ngnix for conduit

nixos/machines/driftwood/configuration.nix

@@ -35,7 +35,15 @@
   };
 
   # ACME data must be readable by the NGINX user
-  # users.users.nginx.extraGroups = [
-  #   "acme"
-  # ];
+  users.users.nginx.extraGroups = [
+    "acme"
+  ];
+
+  # Enable nginx
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+recommendedOptimisation = true;
+  };
 }

nixos/machines/driftwood/containers/conduit.nix

@@ -38,4 +38,67 @@
       system.stateVersion = "24.11";
     };
   };
+
+  services.nginx = {
+    virtualHosts = {
+      "matrix.stranger.systems" = {
+        forceSSL = true;
+        enableACME = true;
+
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "[::]";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 80;
+            ssl = false;
+          }
+          {
+            addr = "[::]";
+            port = 80;
+            ssl = false;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 8448;
+            ssl = true;
+          }
+          {
+            addr = "[::]";
+            port = 8448;
+            ssl = true;
+          }
+        ];
+
+        locations."/_matrix/" = {
+          proxyPass = "http://backend_conduit$request_uri";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header Host $host;
+            proxy_buffering off;
+          '';
+        };
+
+        extraConfig = ''
+          merge_slashes off;
+        '';
+      };
+    };
+
+    upstreams = {
+      "backend_conduit" = {
+        servers = {
+          "192.168.100.11:6167" = {};
+        };
+      };
+    };
+  };
 }