hosts/m3-atlas/services/tuwunel.nix

{config, ...}: let
  # Tuwunel uses a list for ports
  tuwunel-port = config.m3ta.ports.get "tuwunel";
in {
  services.matrix-tuwunel = {
    enable = true;
    settings.global = {
      server_name = "m3ta.dev";
      address = ["127.0.0.1"];
      port = [tuwunel-port];
      max_request_size = 20000000;
      allow_registration = true;
      registration_token_file = config.age.secrets."tuwunel-registration-token".path;
      allow_encryption = true;
      allow_federation = true;
      trusted_servers = ["matrix.org"];
    };
  };

  # Traefik configuration for Tuwunel
  services.traefik.dynamicConfigOptions.http = {
    services.tuwunel.loadBalancer.servers = [
      {
        url = "http://localhost:${toString tuwunel-port}/";
      }
    ];

    routers.tuwunel = {
      rule = "Host(`matrix.m3ta.dev`)";
      tls = {
        certResolver = "godaddy";
      };
      service = "tuwunel";
      entrypoints = "websecure";
    };

    # Federation endpoint on base domain
    routers.tuwunel-federation = {
      rule = "Host(`m3ta.dev`) && PathPrefix(`/_matrix`)";
      tls = {
        certResolver = "godaddy";
      };
      service = "tuwunel";
      entrypoints = "websecure";
    };
  };

  # Open federation port
  networking.firewall.allowedTCPPorts = [8448];
}
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`{config, ...}: let`
			`# Tuwunel uses a list for ports`
			`tuwunel-port = config.m3ta.ports.get "tuwunel";`
			`in {`
			`services.matrix-tuwunel = {`
+basic hermes config 2026-04-06 18:44:07 +02:00			`enable = true;`
			`settings.global = {`
			`server_name = "m3ta.dev";`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`address = ["127.0.0.1"];`
			`port = [tuwunel-port];`
+basic hermes config 2026-04-06 18:44:07 +02:00			`max_request_size = 20000000;`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`allow_registration = true;`
			`registration_token_file = config.age.secrets."tuwunel-registration-token".path;`
+basic hermes config 2026-04-06 18:44:07 +02:00			`allow_encryption = true;`
			`allow_federation = true;`
			`trusted_servers = ["matrix.org"];`
			`};`
			`};`

feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`# Traefik configuration for Tuwunel`
+basic hermes config 2026-04-06 18:44:07 +02:00			`services.traefik.dynamicConfigOptions.http = {`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`services.tuwunel.loadBalancer.servers = [`
+basic hermes config 2026-04-06 18:44:07 +02:00			`{`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`url = "http://localhost:${toString tuwunel-port}/";`
+basic hermes config 2026-04-06 18:44:07 +02:00			`}`
			`];`

feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`routers.tuwunel = {`
+basic hermes config 2026-04-06 18:44:07 +02:00			rule = "Host(`matrix.m3ta.dev`)";
			`tls = {`
			`certResolver = "godaddy";`
			`};`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`service = "tuwunel";`
+basic hermes config 2026-04-06 18:44:07 +02:00			`entrypoints = "websecure";`
			`};`

			`# Federation endpoint on base domain`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`routers.tuwunel-federation = {`
+basic hermes config 2026-04-06 18:44:07 +02:00			rule = "Host(`m3ta.dev`) && PathPrefix(`/_matrix`)";
			`tls = {`
			`certResolver = "godaddy";`
			`};`
feat: tuwunel matrix server + hermes update 2026-04-24 21:38:57 +02:00			`service = "tuwunel";`
+basic hermes config 2026-04-06 18:44:07 +02:00			`entrypoints = "websecure";`
			`};`
			`};`

			`# Open federation port`
			`networking.firewall.allowedTCPPorts = [8448];`
			`}`