From e6ce4b32c71258adf46b83bcdc0a6aef3a8f1c8a Mon Sep 17 00:00:00 2001
From: baritone <baritone@mail.spoodythe.one>
Date: Mon, 31 Mar 2025 00:50:17 +0200
Subject: [PATCH] conduit not working

---
 configuration.nix      |  1 -
 services/conduwuit.nix | 23 +++++++++++++++++------
 services/jellyfin.nix  |  3 ++-
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 1d0497b..9cd284b 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -15,7 +15,6 @@
     ./services/fail2ban.nix
     ./services/zed.nix # IMPORTANTE
     ./services/auto-torrent.nix
-    ./services/conduwuit.nix
     ./services/misc.nix
 
     ./services/website.nix
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
index 0782b59..2538ab1 100644
--- a/services/conduwuit.nix
+++ b/services/conduwuit.nix
@@ -1,6 +1,6 @@
 {...}: let
   port = 6167;
-  address = "127.0.0.1";
+  host = "127.0.0.1";
   domain = "matrix.spoodythe.one";
   mb = 1024 * 1024;
   max-request-size = 20;
@@ -13,8 +13,8 @@ in {
     enable = true;
     settings = {
       global = {
-        inherit port;
-        inherit address;
+        port = [port];
+        address = [host];
         server_name = domain;
         max_request_size = max-request-size * mb;
       };
@@ -24,14 +24,25 @@ in {
   services.nginx.virtualHosts."${domain}" = {
     forceSSL = true;
     enableACME = true;
+    listen = [
+      { port = 443; ssl = true; addr = "0.0.0.0"; }
+      { port = 8448; ssl = true; addr = "0.0.0.0"; }
+    ];
     locations."/" = {
-      proxyPass = "http://${address}:${toString port}";
+      proxyPass = "http://${host}:${toString port}";
       extraConfig = ''
-        client_max_body_size ${max-request-size}M;
+        client_max_body_size ${toString max-request-size}M;
+      '';
+    };
+    locations."/_matrix" = {
+      proxyPass = "http://${host}:${toString port}";
+      extraConfig = ''
+        client_max_body_size ${toString max-request-size}M;
       '';
     };
   };
 
   # Open port so i can access it on my local network
-  networking.firewall.allowedTCPPorts = [port];
+  networking.firewall.allowedTCPPorts = [port 8448];
+  networking.firewall.allowedUDPPorts = [port 8448];
 }
diff --git a/services/jellyfin.nix b/services/jellyfin.nix
index de6a9c3..cddda9e 100755
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@@ -50,6 +50,7 @@ in {
     enableACME = true;
     locations."/" = {
       proxyPass = "http://${host}:${toString port}";
+      proxyWebsockets = true;
       extraConfig = ''
         # Websocket support
         proxy_set_header Upgrade $http_upgrade;
@@ -61,7 +62,7 @@ in {
     };
   };
 
-  # Open port 80 and 443 for reverse proxy
+  # Open ports for local network access
   config.networking.firewall.allowedTCPPorts = [port];
   config.networking.firewall.allowedUDPPorts = [port];
 }