From f2b1f2bc51bba715d042acafeb95321eb781cbbd Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Sat, 14 Feb 2026 17:40:02 +0100
Subject: [PATCH 1/2] update and matrix

---
 nix/apps/matrix/default.nix       | 36 +++++++++++++++++++++++++++++++
 nix/apps/website/default.nix      |  6 ++++++
 nix/hive.nix                      |  3 +++
 nix/modules/caddy/default.nix     |  2 +-
 nix/modules/dns/noratrieb.dev.nix |  2 ++
 nix/nixpkgs.json                  |  4 ++--
 6 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 nix/apps/matrix/default.nix

diff --git a/nix/apps/matrix/default.nix b/nix/apps/matrix/default.nix
new file mode 100644
index 0000000..0906cd1
--- /dev/null
+++ b/nix/apps/matrix/default.nix
@@ -0,0 +1,36 @@
+{ pkgs, ... }: {
+  services.matrix-continuwuity = {
+    enable = true;
+    settings = {
+      global = {
+        server_name = "noratrieb.dev";
+        allow_registration = false;
+        allow_encryption = true;
+        allow_federation = true;
+        trusted_servers = [ "matrix.org" ];
+        well_known = {
+          server = "matrix.noratrieb.dev:443";
+          client = "https://matrix.noratrieb.dev";
+          support_page = "https://noratrieb.dev";
+        };
+      };
+    };
+  };
+  environment.systemPackages = [ pkgs.matrix-continuwuity ];
+  services.caddy.virtualHosts."matrix.noratrieb.dev" = {
+    extraConfig = ''
+      encode zstd gzip
+
+      reverse_proxy * http://localhost:6167
+    '';
+  };
+  services.caddy.virtualHosts."matrix.noratrieb.dev:8448" = {
+    extraConfig = ''
+      encode zstd gzip
+
+      reverse_proxy * http://localhost:6167
+    '';
+  };
+  networking.firewall.allowedTCPPorts = [ 8448 ];
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 6167 ];
+}
diff --git a/nix/apps/website/default.nix b/nix/apps/website/default.nix
index 45e881b..bd5105b 100644
--- a/nix/apps/website/default.nix
+++ b/nix/apps/website/default.nix
@@ -12,6 +12,12 @@
       logFormat = "";
       extraConfig = ''
         encode zstd gzip
+
+        reverse_proxy /.well-known/matrix/* https://matrix.noratrieb.dev {
+          header_up Host matrix.noratrieb.dev
+        }
+        
+
         header -Last-Modified
 
         header /blog/css/* Cache-Control "max-age=31540000, immutable"
diff --git a/nix/hive.nix b/nix/hive.nix
index 9a574d3..6d3a58e 100644
--- a/nix/hive.nix
+++ b/nix/hive.nix
@@ -205,6 +205,9 @@
       ./modules/caddy
       ./modules/garage
       ./modules/snowflake-proxy
+
+      # apps
+      ./apps/matrix
     ];
 
     system.stateVersion = "23.11";
diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix
index daca119..07c3646 100644
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@@ -6,7 +6,7 @@ let
       "github.com/noratrieb-mirrors/certmagic-s3@v1.1.3"
       "github.com/sagikazarmark/caddy-fs-s3@v0.10.0"
     ];
-    hash = "sha256-onWUF2Ecd+LFprqY52U1AEvKhBIwKmI6eibeK03LpWM=";
+    hash = "sha256-aZnF6dMCOfQufDhABS4ggfB0gkhDVYpdn2f60oqqKI8=";
   };
 in
 {
diff --git a/nix/modules/dns/noratrieb.dev.nix b/nix/modules/dns/noratrieb.dev.nix
index 81d3647..e2dc8ea 100644
--- a/nix/modules/dns/noratrieb.dev.nix
+++ b/nix/modules/dns/noratrieb.dev.nix
@@ -63,6 +63,8 @@ let
 
         garage = combine [ vps1 vps2 vps3 vps4 ];
 
+        matrix = vps2;
+
         # --- apps
         docker = vps1;
         hugo-chat = vps1 // {
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index 1efe252..f1929d3 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -4,7 +4,7 @@
     "commit": "ac62194c3917d5f474c1a844b6fd6da2db95077d"
   },
   "nixos-25.11": {
-    "lastUpdated": "2026-01-31T13:55:04.922Z",
-    "commit": "fa83fd837f3098e3e678e6cf017b2b36102c7211"
+    "lastUpdated": "2026-02-14T15:07:37.351Z",
+    "commit": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a"
   }
 }

From eebb543d9904a7a0ad5b98518274bc7fa23eb792 Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Sat, 14 Feb 2026 20:37:31 +0100
Subject: [PATCH 2/2] update to nixos 25.11

---
 nix/apps/does-it-build/default.nix | 5 ++---
 nix/hive.nix                       | 4 +---
 nix/modules/caddy/default.nix      | 2 +-
 nix/modules/garage/default.nix     | 2 +-
 nix/nixpkgs.json                   | 4 ----
 5 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/nix/apps/does-it-build/default.nix b/nix/apps/does-it-build/default.nix
index a2b0244..588d0af 100644
--- a/nix/apps/does-it-build/default.nix
+++ b/nix/apps/does-it-build/default.nix
@@ -1,8 +1,7 @@
-{ pkgs, nixpkgs-next, lib, config, my-projects-versions, ... }:
+{ pkgs, lib, config, my-projects-versions, ... }:
 let
   does-it-build-base = (import (pkgs.fetchFromGitHub my-projects-versions.does-it-build.fetchFromGitHub)) {
-    # needs a recent rust version.
-    pkgs = nixpkgs-next;
+    inherit pkgs;
   };
   does-it-build = does-it-build-base.overrideAttrs (finalAttrs: previousAttrs: {
     DOES_IT_BUILD_OVERRIDE_VERSION = my-projects-versions.does-it-build.commit;
diff --git a/nix/hive.nix b/nix/hive.nix
index 6d3a58e..3406272 100644
--- a/nix/hive.nix
+++ b/nix/hive.nix
@@ -2,8 +2,7 @@
   meta =
     let
       nixpkgs-version = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
-      nixpkgs-path = (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgs-version."nixos-25.05".commit}.tar.gz");
-      nixpkgs-next = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgs-version."nixos-25.11".commit}.tar.gz") { };
+      nixpkgs-path = (fetchTarball "https://github.com/NixOS/nixpkgs/archive/${nixpkgs-version."nixos-25.11".commit}.tar.gz");
     in
     {
       # Override to pin the Nixpkgs version (recommended). This option
@@ -16,7 +15,6 @@
       specialArgs = {
         my-projects-versions = builtins.fromJSON (builtins.readFile ./my-projects.json);
 
-        inherit nixpkgs-next;
         inherit nixpkgs-path;
 
         networkingConfig = {
diff --git a/nix/modules/caddy/default.nix b/nix/modules/caddy/default.nix
index 07c3646..dfdf0f6 100644
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@@ -6,7 +6,7 @@ let
       "github.com/noratrieb-mirrors/certmagic-s3@v1.1.3"
       "github.com/sagikazarmark/caddy-fs-s3@v0.10.0"
     ];
-    hash = "sha256-aZnF6dMCOfQufDhABS4ggfB0gkhDVYpdn2f60oqqKI8=";
+    hash = "sha256-ERccS8hBcjttV92MgJkgLBNY1RWRztYujby80MH52Xo=";
   };
 in
 {
diff --git a/nix/modules/garage/default.nix b/nix/modules/garage/default.nix
index 23e1cad..409dcc6 100644
--- a/nix/modules/garage/default.nix
+++ b/nix/modules/garage/default.nix
@@ -20,7 +20,7 @@ in
   };
   services.garage = {
     enable = true;
-    package = pkgs.garage_2_1_0;
+    package = pkgs.garage_2;
     settings = {
       metadata_dir = "/var/lib/garage/meta";
       data_dir = "/var/lib/garage/data";
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index f1929d3..c1c6d94 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -1,8 +1,4 @@
 {
-  "nixos-25.05": {
-    "lastUpdated": "2026-01-31T13:55:04.757Z",
-    "commit": "ac62194c3917d5f474c1a844b6fd6da2db95077d"
-  },
   "nixos-25.11": {
     "lastUpdated": "2026-02-14T15:07:37.351Z",
     "commit": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a"