+basic hermes config

hosts/m3-atlas/services/conduit.nix

@@ -0,0 +1,48 @@
+{config, ...}: {
+  services.matrix-conduit = {
+    enable = true;
+    settings.global = {
+      server_name = "m3ta.dev";
+      address = "127.0.0.1";
+      port = config.m3ta.ports.get "conduit";
+      max_request_size = 20000000;
+      allow_registration = false;
+      allow_encryption = true;
+      allow_federation = true;
+      trusted_servers = ["matrix.org"];
+      database_backend = "rocksdb";
+    };
+    secretFile = config.age.secrets.conduit-env.path;
+  };
+
+  # Traefik configuration for Conduit
+  services.traefik.dynamicConfigOptions.http = {
+    services.conduit.loadBalancer.servers = [
+      {
+        url = "http://localhost:${toString (config.m3ta.ports.get "conduit")}/";
+      }
+    ];
+
+    routers.conduit = {
+      rule = "Host(`matrix.m3ta.dev`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "conduit";
+      entrypoints = "websecure";
+    };
+
+    # Federation endpoint on base domain
+    routers.conduit-federation = {
+      rule = "Host(`m3ta.dev`) && PathPrefix(`/_matrix`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "conduit";
+      entrypoints = "websecure";
+    };
+  };
+
+  # Open federation port
+  networking.firewall.allowedTCPPorts = [8448];
+}