From f2b1f2bc51bba715d042acafeb95321eb781cbbd Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Sat, 14 Feb 2026 17:40:02 +0100
Subject: [PATCH] update and matrix

---
 nix/apps/matrix/default.nix       | 36 +++++++++++++++++++++++++++++++
 nix/apps/website/default.nix      |  6 ++++++
 nix/hive.nix                      |  3 +++
 nix/modules/caddy/default.nix     |  2 +-
 nix/modules/dns/noratrieb.dev.nix |  2 ++
 nix/nixpkgs.json                  |  4 ++--
 6 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 nix/apps/matrix/default.nix

diff --git a/nix/apps/matrix/default.nix b/nix/apps/matrix/default.nix
new file mode 100644
index 0000000..0906cd1
--- /dev/null
+++ b/nix/apps/matrix/default.nix
@@ -0,0 +1,36 @@
+{ pkgs, ... }: {
+  services.matrix-continuwuity = {
+    enable = true;
+    settings = {
+      global = {
+        server_name = "noratrieb.dev";
+        allow_registration = false;
+        allow_encryption = true;
+        allow_federation = true;
+        trusted_servers = [ "matrix.org" ];
+        well_known = {
+          server = "matrix.noratrieb.dev:443";
+          client = "https://matrix.noratrieb.dev";
+          support_page = "https://noratrieb.dev";
+        };
+      };
+    };
+  };
+  environment.systemPackages = [ pkgs.matrix-continuwuity ];
+  services.caddy.virtualHosts."matrix.noratrieb.dev" = {
+    extraConfig = ''
+      encode zstd gzip
+
+      reverse_proxy * http://localhost:6167
+    '';
+  };
+  services.caddy.virtualHosts."matrix.noratrieb.dev:8448" = {
+    extraConfig = ''
+      encode zstd gzip
+
+      reverse_proxy * http://localhost:6167
+    '';
+  };
+  networking.firewall.allowedTCPPorts = [ 8448 ];
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 6167 ];
+}
diff --git a/nix/apps/website/default.nix b/nix/apps/website/default.nix
index 45e881b..bd5105b 100644
--- a/nix/apps/website/default.nix
+++ b/nix/apps/website/default.nix
@@ -12,6 +12,12 @@
       logFormat = "";
       extraConfig = ''
         encode zstd gzip
+
+        reverse_proxy /.well-known/matrix/* https://matrix.noratrieb.dev {
+          header_up Host matrix.noratrieb.dev
+        }
+        
+
         header -Last-Modified
 
         header /blog/css/* Cache-Control "max-age=31540000, immutable"
diff --git a/nix/hive.nix b/nix/hive.nix
index 9a574d3..6d3a58e 100644
--- a/nix/hive.nix
+++ b/nix/hive.nix
@@ -205,6 +205,9 @@
       ./modules/caddy
       ./modules/garage
       ./modules/snowflake-proxy
+
+      # apps
+      ./apps/matrix
     ];
 
     system.stateVersion = "23.11";
diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix
index daca119..07c3646 100644
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@@ -6,7 +6,7 @@ let
       "github.com/noratrieb-mirrors/certmagic-s3@v1.1.3"
       "github.com/sagikazarmark/caddy-fs-s3@v0.10.0"
     ];
-    hash = "sha256-onWUF2Ecd+LFprqY52U1AEvKhBIwKmI6eibeK03LpWM=";
+    hash = "sha256-aZnF6dMCOfQufDhABS4ggfB0gkhDVYpdn2f60oqqKI8=";
   };
 in
 {
diff --git a/nix/modules/dns/noratrieb.dev.nix b/nix/modules/dns/noratrieb.dev.nix
index 81d3647..e2dc8ea 100644
--- a/nix/modules/dns/noratrieb.dev.nix
+++ b/nix/modules/dns/noratrieb.dev.nix
@@ -63,6 +63,8 @@ let
 
         garage = combine [ vps1 vps2 vps3 vps4 ];
 
+        matrix = vps2;
+
         # --- apps
         docker = vps1;
         hugo-chat = vps1 // {
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index 1efe252..f1929d3 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -4,7 +4,7 @@
     "commit": "ac62194c3917d5f474c1a844b6fd6da2db95077d"
   },
   "nixos-25.11": {
-    "lastUpdated": "2026-01-31T13:55:04.922Z",
-    "commit": "fa83fd837f3098e3e678e6cf017b2b36102c7211"
+    "lastUpdated": "2026-02-14T15:07:37.351Z",
+    "commit": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a"
   }
 }