-rw-r--r--flake.nix6
-rw-r--r--modules/services/web/default.nix39
2 files changed, 36 insertions, 9 deletions
diff --git a/flake.nix b/flake.nix
index 6a6cef8..7b70860 100644
--- a/flake.nix
+++ b/flake.nix
@@ -97,7 +97,10 @@
}
{
type = "services";
- modules = [ "ssh" ];
+ modules = [
+ "matrix"
+ "ssh"
+ ];
}
])
(mkSystem "odin" "x86_64-linux" inputs.nixpkgs [
@@ -174,7 +177,6 @@
type = "services";
modules = [
"fediverse"
- "proxy"
"ssh"
"web"
];
diff --git a/modules/services/web/default.nix b/modules/services/web/default.nix
index b6a45af..fe97c0e 100644
--- a/modules/services/web/default.nix
+++ b/modules/services/web/default.nix
@@ -1,10 +1,35 @@
-{ ... }:
+{ config, ... }:
+let
+ fqdn = "synapse.${config.networking.domain}";
+ baseUrl = "https://${fqdn}";
+in
{
- services.caddy.virtualHosts = {
- "tdback.net".extraConfig = ''
- root * /var/www/tdback.net/
- encode zstd gzip
- file_server
- '';
+ networking.domain = "tdback.net";
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.caddy = {
+ enable = true;
+ virtualHosts = {
+ ${config.networking.domain}.extraConfig = ''
+ handle /.well-known/matrix/server {
+ Content-Type application/json
+ Access-Control-Allow-Origin *
+ respond `{"m.server": "${fqdn}:443"}`
+ }
+
+ handle /.well-known/matrix/client {
+ Content-Type application/json
+ Access-Control-Allow-Origin *
+ respond `{"m.homeserver": {"base_url": "${baseUrl}"}}`
+ }
+
+ root * /var/www/tdback.net/
+ encode zstd gzip
+ file_server
+ '';
+ };
};
}
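Review bot: Inside both `handle` blocks (`/.well-known/matrix/server` and `/.well-known/matrix/client`) the lines `Content-Type application/json` and `Access-Control-Allow-Origin *` are written as bare directives, and Caddy has no directives with those names, so the generated Caddyfile will most likely be rejected at load time instead of setting the headers. They should read `header Content-Type application/json` and `header Access-Control-Allow-Origin *`. The delegation also sends federation peers and clients to `synapse.${config.networking.domain}` on port 443, but this hunk defines no virtual host for that name; presumably the matrix module enabled in flake.nix provides it, and it is worth confirming that the delegated host serves a certificate valid for that name. As a smaller style point, `root * /var/www/tdback.net/` still hard-codes the domain that the virtual host key now takes from `config.networking.domain`.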