infra/homelab/conduit.nix

let
  appName = "conduwuit";
  conduwuit-Image = "git.gmem.ca/arch/conduwuit:latest";
in
{ ... }: {
  kubernetes.resources.services.conduwuit = {
    spec = {
      selector.app = appName;
      ports.http = {
        port = 6167;
        targetPort = 6167;
      };
    };
  };
  kubernetes.resources.statefulSets.conduwuit.spec = {
    selector.matchLabels.app = appName;
    serviceName = appName;
    template = {
      metadata.labels.app = appName;
      spec = {
        volumes = {
          config.configMap.name = appName;
        };
        containers = {
          conduwuit = {
            image = conduwuit-Image;
            imagePullPolicy = "Always";
            ports.http.containerPort = 6167;
            volumeMounts = [
              { name = "data"; mountPath = "/var/lib/matrix-conduit"; }
              { name = "config"; mountPath = "/etc/matrix-conduit/conduit.toml";
                subPath = "conduit.toml"; }
            ];
            env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml";
          };
        };
      };
    };
    volumeClaimTemplates = [
      { metadata.name = "data";
        spec = {
          storageClassName = "nfs-client";
          accessModes = [ "ReadWriteOnce" ];
          resources.requests.storage = "5Gi";
        };
      }
    ];
  };
  kubernetes.resources.ingresses.conduwuit = {
    metadata = {
      name = appName;
      annotations = {
        "cert-manager.io/issuer" = "le-issuer";
      };
    };
    spec = {
      tls = [ { hosts = [ "chat.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
      rules = [
        {
          host = "chat.gmem.ca";
          http.paths = [
            { path = "/"; pathType = "Prefix";
              backend.service = {
                name = appName;
                port.name = "http"; };
            }
          ];
        }
      ];
    };
  };
  kubernetes.resources.configMaps.conduwuit = {
    metadata = {
      name = appName;
      annotations = {
        "cert-manager.io/issuer" = "le-issuer";
      };
    };
    data."conduit.toml" =
    ''
    [global]
    # The Conduit server needs all /_matrix/ requests to be reachable at
    # https://your.server.name/ on port 443 (client-server) and 8448 (federation).
    server_name = "gmem.ca"

    # This is the only directory where Conduit will save its data
    database_path = "/var/lib/matrix-conduit/"
    database_backend = "rocksdb"
    port = 6167
    max_request_size = 20_000_000 # in bytes
    allow_federation = true
    allow_check_for_updates = false
    trusted_servers = ["matrix.org"]
    address = "0.0.0.0"
    '';
  };
}